We are hosting sharepoint DBs. My boss ask me for possibilities to do the encryption on content DB level, it backup. or on column level?

I read about TDE? it is will slow the DBs? is it practical ?

or better to take at windows level encryption ?

other good options?

BTW , we have AlwaysOn and FCI, is it compatible with this

You typically need full database encryption plus backup encryption for SharePoint content databases. You never know what users store in SharePoint, and so you should treat it as highly confidential data.

Transparent Database Encryption (TDE) is the best and recommended solution for SharePoint content databases.  It encrypts all the data in the database, and all of the backups.  It's compatible with both AlwaysOn AGs and FCIs.

TDE decrypts the data as its read into memory and encrypts it before it's read to disk.  So it doesn't have any performance overhead when accessing cached database pages, but adds CPU cost to reading and writing to disk.

You can also use BitLocker for drive encryption, along with SQL Server 2014's Backup Encryption

David

In addition to David's reply:

I suggest you first ask what purposes the encryption is for. Is it to protect for a DBA to read sensitive information (TDE and backup encryption does nothing here)? Or something else? So, what is it that you want to protect and for what situations?