Limitations of TDE

Although TDE offers many benefits over column-level encryption, it has limitations of its own that are important to consider. They include:

• TDE is not granular like column-level encryption. The entire database is encrypted, but only on disk. Sensitive data such as Social Security numbers or credit card numbers can be seen by anyone who has permission to access those columns. TDE also does not prevent DBAs from viewing any data in the database.

• TDE does not protect communications between client applications and SQL Server. Network encryption methods should be used to protect sensitive data flowing over the network.

• FILESTREAM data is not encrypted.

• When any one database on a SQL Server instance has TDE enabled, ...
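
An added example, not from the book: T-SQL checks for finding where the first three limitations above apply on a given instance. It uses the standard catalog views and dynamic management views; querying the DMVs requires the VIEW SERVER STATE permission.

```sql
-- 1. Which databases have TDE enabled, and how far along is encryption?
--    encryption_state: 2 = encryption in progress, 3 = encrypted.
SELECT d.name,
       d.is_encrypted,
       k.encryption_state,
       k.key_algorithm,
       k.key_length
FROM sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS k
       ON k.database_id = d.database_id
ORDER BY d.name;

-- 2. FILESTREAM containers that belong to TDE-enabled databases.
--    TDE does not encrypt these, so the paths listed here still hold
--    plaintext on disk. type = 2 marks a FILESTREAM container.
SELECT d.name          AS database_name,
       mf.name         AS logical_name,
       mf.physical_name
FROM sys.master_files AS mf
JOIN sys.databases    AS d
      ON d.database_id = mf.database_id
WHERE d.is_encrypted = 1
  AND mf.type = 2;

-- 3. Current connections whose traffic is not encrypted on the wire.
--    TDE has no effect on this; local shared-memory sessions are
--    excluded because they never cross the network.
SELECT c.session_id,
       s.login_name,
       s.host_name,
       s.program_name,
       c.net_transport,
       c.client_net_address
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
      ON s.session_id = c.session_id
WHERE c.encrypt_option = 'FALSE'
  AND c.net_transport <> 'Shared memory';
```

Rows from the second query point to files that need separate protection at the file-system or volume level, and rows from the third identify clients to move to encrypted connections.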
