Reputation: 17373
I'm creating a POC for TDE to enable security on our SQL Azure DBs.
I'm not sure what exactly TDE does, but I found the following during my test:
1. You can still run the SQL script against the DB and still get results (unencrypted).
2. No changes are required to the web.config connection strings. I got the result without having to modify the connection strings.
3. The only way to validate whether TDE is on/off is to go to the Azure Portal?
Could someone please validate my findings above? I'm unsure whether I'm doing it right or not. Also unsure if my understanding above is correct.
If so, how is it secured?
Upvotes: 2
Views: 304
Reputation: 589
(1) - correct, that is because the master key etc. will be open and thus the engine decrypts the data (which is stored encrypted at rest on the storage system), (2) correct, (3) - no, you can also use T-SQL.
This is a good starting point: https://msdn.microsoft.com/en-us/library/dn948096.aspx
Upvotes: 5
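The T-SQL check mentioned in point (3), as an added example that is not part of the original answer. It uses the `sys.databases` catalog view and the `sys.dm_database_encryption_keys` DMV, and assumes you are connected to the database you want to check.

```sql
-- Added example: confirm TDE status from T-SQL instead of the Azure Portal.
-- Run while connected to the Azure SQL database under test.

-- 1) Catalog flag: is_encrypted = 1 means TDE is turned on for this database.
SELECT name,
       is_encrypted
FROM sys.databases
WHERE name = DB_NAME();

-- 2) Key state for the current database. A database can be flagged as
--    encrypted while the background encryption scan is still running, so
--    check encryption_state and percent_complete as well.
--    Filtering on DB_ID() avoids joining to sys.databases on database_id,
--    which is not guaranteed to match in Azure SQL Database.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       CASE encryption_state
           WHEN 0 THEN 'No database encryption key present'
           WHEN 1 THEN 'Unencrypted'
           WHEN 2 THEN 'Encryption in progress'
           WHEN 3 THEN 'Encrypted'
           WHEN 4 THEN 'Key change in progress'
           WHEN 5 THEN 'Decryption in progress'
           WHEN 6 THEN 'Protection change in progress'
           ELSE 'Unknown'
       END AS encryption_state_desc,
       percent_complete,      -- progress of an in-flight state change, else 0
       key_algorithm,
       key_length,
       encryptor_type
FROM sys.dm_database_encryption_keys
WHERE database_id = DB_ID();
```

A result of `is_encrypted = 1` with `encryption_state = 3` means the data files are encrypted at rest; query results still come back in plaintext because the engine decrypts pages as it reads them, as described in point (1).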