1

I'm thinking about encrypting the database that contains sensitive user data. Is it better for performance to encrypt the entire drive by using something like BitLocker, or is it better to just encrypt the database using the built-in encryption in SQL Server?

I'm using SQL Server 2016 on a Windows Server 2016 machine.

2 Answers

1

With Transparent Data Encryption (TDE), your backups are also encrypted automatically regardless of destination.

With BitLocker, if someone takes a backup to another location (like a network drive path or Azure), that backup isn't encrypted.

With both methods, if someone has access to run a SELECT command, you're screwed.

For more details on both, grab Microsoft's SQL Server Compliance Guide. It's old (circa 2008), but goes into way more detail. It's one of the best white papers I've ever read in that it maps business goals to SQL Server features.

3
  • TDE is the built-in encryption in SQL Server, right? Commented Feb 3, 2018 at 19:36
  • Yes, correct - although only in SQL Server Enterprise Edition. Commented Feb 4, 2018 at 0:22
  • Also available in the Standard Edition of SQL Server 2019. Commented Sep 15, 2020 at 15:30
0

Purely looking at performance, BitLocker is faster and more performant. However, if your data is sensitive, your encryption type should be based on your compliance/security requirements. As an example, if backup encryption is required, TDE is a better option.
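Both answers above point to TDE when backups must be encrypted. The following T-SQL is an added example, not part of either answer: it enables TDE on a database, protects the certificate that every encrypted backup will depend on, and checks the result. The database name `SalesDb`, certificate name `TdeCert`, file paths and passwords are placeholders assumed for illustration.

```sql
-- Added example: SalesDb, TdeCert, paths and passwords are placeholders.
USE master;

-- 1. Key hierarchy in master: database master key, then the TDE certificate.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder: strong password 1>';
CREATE CERTIFICATE TdeCert WITH SUBJECT = 'TDE certificate for SalesDb';

-- 2. Back up the certificate and its private key and store them away from
--    the database backups. A TDE-encrypted backup cannot be restored on
--    another server without them.
BACKUP CERTIFICATE TdeCert
    TO FILE = 'D:\KeyEscrow\TdeCert.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\KeyEscrow\TdeCert.pvk',
        ENCRYPTION BY PASSWORD = '<placeholder: strong password 2>'
    );

-- 3. Create the database encryption key and switch encryption on.
USE SalesDb;
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
ALTER DATABASE SalesDb SET ENCRYPTION ON;

-- 4. Verify. encryption_state = 3 means encrypted; 2 means the background
--    scan is still running (watch percent_complete). tempdb appears here
--    too, because it is encrypted once any user database uses TDE.
--    A NULL pvt_key_last_backup_date means step 2 was never done.
SELECT DB_NAME(k.database_id)     AS database_name,
       k.encryption_state,
       k.percent_complete,
       k.key_algorithm,
       k.key_length,
       c.name                     AS certificate_name,
       c.pvt_key_last_backup_date
FROM sys.dm_database_encryption_keys AS k
LEFT JOIN master.sys.certificates AS c
       ON c.thumbprint = k.encryptor_thumbprint;

-- 5. Take a backup to any destination and confirm it carries the
--    certificate thumbprint (non-NULL TDEThumbprint column in the output).
BACKUP DATABASE SalesDb TO DISK = 'E:\Backups\SalesDb.bak';
RESTORE FILELISTONLY FROM DISK = 'E:\Backups\SalesDb.bak';
```

None of this changes what an authenticated query returns: TDE protects the data files, log and backups at rest, so access to the data through SELECT still has to be controlled with permissions.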
