Transparent Data Encryption (TDE) is implemented on the standard database. TDE is where the database files on the server disk and any backups are encrypted. This ensures that external users cannot acquire files, backups, or access hardware which could lead to the extraction of critical intellectual property data from the database without access to a decryption method.
TDE provides an additional layer of security by securing how the Database Encryption Key (DEK) can be accessed. The DEK is stored in the database boot record and can be accessed in two ways:
-
Symmetrically - by using a Certificate stored in the master database of the server.
-
Asymmetrically - by using Extensible Key Management (EKM).