2

I'm creating a POC for TDE to enable security on our SQL Azure DBs.

I'm not sure what exactly TDE does but found below during my test:

  1. You can still run the SQL Script against DB and still get results (unencrypted).

  2. No changes are required on web.config connection strings. I got the result without having to modify the connection strings.

  3. Only way to validate whether the TDE is on/off is to go to Azure Portal?

Could someone one please validate my findings above? I'm unsure whether I'm doing the right or not. Also unsure if my understanding above is correct.

If so how is it secured?

Jack Richins
  • 548
  • 2
  • 5
Nil Pun
  • 17,035
  • 39
  • 172
  • 294

1 Answers1

5

(1) - correct, that is because the master key etc. will be open and thus the engine decrypts the data (which is stored encrypted at rest on the storage system), (2) correct, (3) - no, you can also use T-SQL.

This is a good starting point: https://msdn.microsoft.com/en-us/library/dn948096.aspx

Tony Rogerson
  • 579
  • 2
  • 6