Is it PCI complient to encrypt the DB with the sensitive data using TDE (with external EKM)?
We were planning to implement the encryption using TDE and somebody today told me that for PCI the encryption has to be done with an external tool so that the DBA can't see clear PAN (Card holder) data.
Is this true?