HiveBrain v1.2.0
Get Started
← Back to all entries
patternsqlMinor

Can anyone recommend an encryption method for ALL user dbs using SQL Server 2016 STANDARD edition?

Submitted by: @import:stackexchange-dba··
0
Viewed 0 times
anyoneencryptioncandbsmethodallsqluserserverstandard

Problem

Our clients are insisting that we now encrypt ALL their SQL Server data at rest, which must include tempdb. I think I have the following options available –

  • Bitlocker entire drive(s)



  • TDE (but the cost of Enterprise edition breaks our support model for these clients!)



  • Always-Encrypted (but more a GDPR/Personal information solution, not for whole databases) – and cannot then “wildchar” search these fields, which is a requirement.



  • EFS the User databases location on disk



  • Some 3rd party application that does SQL Server encryption



  • Others?



Any recommendations appreciated (for SQL Server 2016 STANDARD edition only)

Solution

There are 3rd party tools which replicate TDE functionality.

I have tested the following during an exercise to evaluate whether we can move from Enterprise to Standard Edition:

  • https://www.database-encryption.com/



  • https://netlibsecurity.com/



In both cases, they seem to work by placing a driver between the SQL binaries and the storage layer, and after configuration are transparent to the connecting application. Queries work in the exact same way as for TDE-enabled databases. Once the data leaves the storage, it is unencrypted. It would appear as an unencrypted database to all authenticated connections.

They do cost, but I believe there are trial versions available.

In performance tests (10,000 small insert queries into a clustered index) I found that DBDefence closely mirrored the performance of a TDE-enabled database. Query times for Netlib increased by approx 8%. Obviously your specific scenario may differ.

All my tests were performed on SQL 2016 Standard.

Context

StackExchange Database Administrators Q#200475, answer score: 6

Revisions (0)

No revisions yet.