Our database is encrypted with TDE (Transparent Data Encryption). All the data in the database is encrypted. But when you access the database (e.g. SQL Server Management Studio) when logged in as an approved user on the domain, you do not see encrypted strings, you see the data as plain text.
Now, even though all this data is encrypted, we still don't store raw passwords in the database. We store a hash of the password.
My thought is that we should do something similar with sensitive info like SSNs. The problem is we can't hash an SSN because we have to be able to see it as plain text. I.e., it has to be two-way. We have to be able to decrypt it. So instead of storing a hash of the SSN, I am encrypting the SSN, then adding the encrypted string to the database. So the SSN is essentially encrypted twice (I encrypt it, and then that encrypted string is encrypted again by TDE). My thought is that even if someone gets access to the database by compromising a Windows domain account, they wouldn't be able to get SSNs unless they had the key.
Is this useless/overkill?
