Transparent Data Encryption (TDE) is implemented on the standard database. TDE is where the database files on the server and any backups are encrypted. This ensures that external users cannot access or open files, backups, or hardware that could lead to the extraction of critical intellectual property data from the database without access to a decryption method.
TDE provides an additional layer of security by securing how the Database Encryption Key (DEK) can be accessed. The DEK is stored in the database boot record and can be accessed in two ways:
-
Symmetrically by using a Certificate stored in the master database of the server.
-
Asymmetrically by using Extensible Key Management (EKM).