Transparent Data Encryption (TDE) on SQL Server Database
This appendix contains information about Transparent Data Encryption (TDE) on Microsoft SQL Server Database.
About TDE on SQL Server Database
Transparent Data Encryption (TDE) can be used to protect data by encrypting the physical files, both the data (mdf) and log (ldf) files. This technology makes the entire encryption process completely transparent to the applications accessing the database. This is achieved by using either Advanced Encryption Standard (AES), or Triple DES, encrypting the file pages, and then decrypted as the information goes into memory. This inhibits limitations from querying the data in an encrypted database. This is real time I/O encryption and decryption and does not increase the size of the database.
Database backups will also be encrypted. If a backup of the database gets lost or stolen, it will not be able to restore the database without the appropriate certificate, keys and passwords.
For information on how to implement TDE on Microsoft SQL Database, see Transparent Data Encryption Setup Guide.