ENCRYPTION TDE

  • We would like to check if we need to implement data at rest encryption for our SQL Server databases. Most of the data is student info data. We are thinking of doing encryption for the data at rest.
    Is TDE more widely used on data warehouse databases than OLTP databases?

    In which situations should we encrypt data at rest?
    Is there any performance effect on OLTP databases, and what are the pros and cons of using TDE compared with not using encryption?

    Thanks

  • Frankly, the best person / people who can tell you if you should be protecting your data at rest are going to be your employer's lawyers, based on the relevant laws, policies, etc. for your business.

    As a general guideline, potentially any "personally identifiable information" should be protected at rest (i.e.: social security numbers, name / address, etc.) and some of that data (SSNs) should be stored in an encrypted form.

    But again, DO NOT take anything anyone suggests here as an "absolute" answer, CHECK with your employer and their lawyers. No one here (that I am aware of) is a lawyer, we don't know your business requirements, and we (most likely) didn't stay at a Holiday Inn Express last night.

  • Just to add - with TDE enabled you cannot exercise Instant File Initialization for SQL Server, which has been proven to speed up the creation of databases (files in Windows) (for better performance). Also, TDE adds anywhere between 1 - 30% overhead to your SQL Server, mainly due to the decryption process, which takes additional IO and CPU to function. We use it on many of our SQL Server instances, and we do not notice a performance hit due to how beefed up our servers are. While the database is encrypting, you may also notice a performance hit, but that only occurs once.

  • Thank you all.
    Is TDE more widely used on data warehouse databases than OLTP databases?
