I want to encrypt sql server database files (2008) I want to make a choice between EFS and TDE. Any advice? Pros/Cons?
views:
416answers:
1
+1
A:
TDE: Portable, self contained, part of the database engine, protects backups
EFS: The engine won't be aware of it, relies on server to set up (think of BCP, HA etc), only protects files on that server on that volume
I'd say TDE is the only choice.
gbn
2009-08-24 11:40:40
Do keep in mind that both of these options only provide protection for the data when it is at rest sitting on the hard drive or tape. If someone breaks into the live SQL Server via SQL Injection, or some other method they will have full access to query the data and see everything.
mrdenny
2009-08-24 12:52:40
@mrdenny: true. We have to assume it's for a "file on physcial media" lockdown based on the question.
gbn
2009-08-24 13:34:48
@mrdenny - thanks for this point, though as @gbn pointed out - its the database files I intend to secure. I will accept this answer.
J Angwenyi
2009-08-24 13:51:07