how to Encrypt Data of Sql Azure Database??

I have a database on azure, i want to encrypt that database for which i have turned on and saved the Transparent Data Encryption Mode for my Database in the Azure portal settings . There, portal says my data is encrypted. But when I acces it through local SSMS by connecting to the Azure sql server, All the Data is Visible and accessible.

Is there any way that, even though a person has credentials despite he wouldn't be able to see the exact data in Azure Sql Database??

Please tell me if i can encrypt the whole Azure sql database which could only be decrypted by a master k

August 27th, 2015 8:20am

The whole point of Transparent Data Encryption (TDE) is the transparent part. It's design so that if you have legitimate access (i.e. valid credentials) you get access. It protects against someone stealing the disks or files and reading them on other system/machine.

If they have valid credentials and valid roles in the DB, why wouldn't they be able to read the data? I'm not sure what you are trying to accomplish.

----- Ed

Free Windows Admin Tool Kit Click here and download it now
August 27th, 2015 9:30am
Exactly as Ed has said. A valid user has to be able to view the data. How else would an application be able to work if the user was unable to decrypt the data? Encryption is only helpful in the event of physical theft or if someone attempted to copy the physical files and read them somewhere else. You should follow other best practices to secure authentication to the SQL instances (firewall, least privileged users, etc).
August 27th, 2015 9:43am

The whole point of Transparent Data Encryption (TDE) is the transparent part. It's design so that if you have legitimate access (i.e. valid credentials) you get access. It protects against someone stealing the disks or files and reading them on other system/machine.

If they have valid credentials and valid roles in the DB, why wouldn't they be able to read the data? I'm not sure what you are trying to accomplish.

----- Ed

Free Windows Admin Tool Kit Click here and download it now
August 27th, 2015 1:27pm

The whole point of Transparent Data Encryption (TDE) is the transparent part. It's design so that if you have legitimate access (i.e. valid credentials) you get access. It protects against someone stealing the disks or files and reading them on other system/machine.

If they have valid credentials and valid roles in the DB, why wouldn't they be able to read the data? I'm not sure what you are trying to accomplish.

----- Ed

August 27th, 2015 1:27pm

The whole point of Transparent Data Encryption (TDE) is the transparent part. It's design so that if you have legitimate access (i.e. valid credentials) you get access. It protects against someone stealing the disks or files and reading them on other system/machine.

If they have valid credentials and valid roles in the DB, why wouldn't they be able to read the data? I'm not sure what you are trying to accomplish.

----- Ed

Free Windows Admin Tool Kit Click here and download it now
August 27th, 2015 1:27pm

The whole point of Transparent Data Encryption (TDE) is the transparent part. It's design so that if you have legitimate access (i.e. valid credentials) you get access. It protects against someone stealing the disks or files and reading them on other system/machine.

If they have valid credentials and valid roles in the DB, why wouldn't they be able to read the data? I'm not sure what you are trying to accomplish.

----- Ed

August 27th, 2015 1:27pm

The whole point of Transparent Data Encryption (TDE) is the transparent part. It's design so that if you have legitimate access (i.e. valid credentials) you get access. It protects against someone stealing the disks or files and reading them on other system/machine.

If they have valid credentials and valid roles in the DB, why wouldn't they be able to read the data? I'm not sure what you are trying to accomplish.

----- Ed

Free Windows Admin Tool Kit Click here and download it now
August 27th, 2015 1:27pm

The whole point of Transparent Data Encryption (TDE) is the transparent part. It's design so that if you have legitimate access (i.e. valid credentials) you get access. It protects against someone stealing the disks or files and reading them on other system/machine.

If they have valid credentials and valid roles in the DB, why wouldn't they be able to read the data? I'm not sure what you are trying to accomplish.

----- Ed

August 27th, 2015 1:27pm

The whole point of Transparent Data Encryption (TDE) is the transparent part. It's design so that if you have legitimate access (i.e. valid credentials) you get access. It protects against someone stealing the disks or files and reading them on other system/machine.

If they have valid credentials and valid roles in the DB, why wouldn't they be able to read the data? I'm not sure what you are trying to accomplish.

----- Ed

Free Windows Admin Tool Kit Click here and download it now
August 27th, 2015 1:27pm

The whole point of Transparent Data Encryption (TDE) is the transparent part. It's design so that if you have legitimate access (i.e. valid credentials) you get access. It protects against someone stealing the disks or files and reading them on other system/machine.

If they have valid credentials and valid roles in the DB, why wouldn't they be able to read the data? I'm not sure what you are trying to accomplish.

----- Ed

August 27th, 2015 1:27pm

Adding to what other experts mentioned:

 The TDE provides encryption of data at rest and if you are looking for encryption of data in motion, you can try - https://azure.microsoft.com/en-us/documentation/articles/sql-database-dynamic-data-masking-get-started/

Free Windows Admin Tool Kit Click here and download it now
August 28th, 2015 7:49am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics