What to do if in case someone gain access of datafiles or underlying drive where datafiles resides and attempts to attach the database files to a SQL Server instance and accesses data?
In today's digital landscape, safeguarding sensitive data, encompassing user information like banking details, medical records, and other confidential elements, is of paramount importance for organizations of all sizes. This necessitates robust data security measures, ensuring secure storage and access solely authorized personnel, to maintain confidentiality and trust.
Transparent Data Encryption encrypts the data that’s stored within the database’s files and any backup files created from the backup operation. This encryption is known as encrypting data at rest.
SQL Server encrypts data pages before writing them to disc when we enable encryption at the database level. Data pages read from the disc, on the other hand, are decrypted and stored in memory.
The user's experience remains unaltered. They are completely unaware that the data is encrypted but TDE does not encrypt data passes as traffic between the database and the programme, nor does it encrypt data within the application. When TDE is enabled on database, there is a modest performance hit. The exact amount is determined by server hardware and a variety of other factors.
Let me share the exact steps required and the scripts for this to ensure a secured Data Encryption
Follow below steps to encrypt a database using TDE:
Step 1. Create a Database Master Key
Query
USE MASTER
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'TorData##123'
Step 2. Create a Certificate
Query
CREATE CERTIFICATE ConfigTED WITH SUBJECT = 'Datafile Encryption'
Step 3. Backup CERTIFICATE key with private key
Query
BACKUP CERTIFICATE ConfigTED
TO FILE = 'C:\User\ConfigTED.cer'
WITH PRIVATE KEY
(
FILE = 'SQLPrivateKey',
ENCRYPTION BY PASSWORD = 'TorData##123'
);
Step 4. Create encryption key
Query
USE TorDB
GO
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_128
ENCRYPTION BY SERVER CERTIFICATE ConfigTED
Step 5. Enable the TDE on DB
Query
ALTER DATABASE TorDB SET ENCRYPTION ON
Transparent Data Encryption
- Jan 15, 2024 | Sourabh Tiwari, Assistant Manager- Infra
Author
Sourabh TiwariSourabh, Assistant Infrastructure Manager at Scalability Engineers, leads a team of Database Administrators (DBAs) and Senior DBAs, overseeing the management of client databases. He is responsible for ensuring optimal performance, security, and continuous availability of these critical environments..