17.07.2015 Views

Download eBook (PDF) - Red Gate Software


6 – Transparent Data Encryption

-- Before proceeding, wait until the decryption process is complete.
-- Use the sys.dm_database_encryption_keys DMV to determine this.
DROP DATABASE ENCRYPTION KEY;
GO

-- Restart Instance Through SQL Server Management Studio:
-- Right-Click instance and click on "Restart" option.

Listing 6-13: Reversing TDE after transactions have occurred.

We will need to keep the certificate and database master key that were set up in the Master database, since some dependencies upon these keys will remain that affect the recoverability of the database.

It is recommended to perform either of these removal options while the database is not in use by other users. In addition, it is always recommended that a backup be made of the database, the database master key and the certificate prior to reversing TDE.

Summary

Through this demonstration we have successfully implemented TDE for the HomeLending database and validated that it is enabled. In addition, the steps to reverse TDE have been provided in the event that it is requested.

While TDE does not offer the granularity of protection that cell-level encryption offers, it does provide a level of protection that cannot be achieved through cell-level encryption. This feature provides a means to render unreadable the plain text that would otherwise be disclosed in the database backup files.

Thanks to the encryption key hierarchy that is external to the database, additional protection is offered by restricting restoration of the encrypted database to the instance from which the backup files were created.

Implementing TDE in conjunction with cell-level encryption provides a layered approach to data security, which enhances its effectiveness. Another available option for protecting sensitive data is one-way encryption, also referred to as hashing. One-way encryption can be applied alongside TDE, cell-level encryption and other obfuscation methods. One-way encryption is the topic of the next chapter.
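The wait that Listing 6-13 asks for before DROP DATABASE ENCRYPTION KEY can be scripted rather than checked by hand. The following is an added example, not code from the book: it polls sys.dm_database_encryption_keys for the HomeLending database and drops the key only once the state reads as unencrypted. It assumes encryption has already been switched off for the database and that the caller holds VIEW SERVER STATE; the 10-second polling interval is an arbitrary choice.

```sql
-- Added example (not from the book): gate the key drop on the DMV state.
-- encryption_state values used here: 1 = unencrypted, 5 = decryption in progress.
USE HomeLending;
GO

DECLARE @state INT, @pct INT;

WHILE 1 = 1
BEGIN
    -- Reset first: a SELECT that returns no row leaves variables untouched.
    SELECT @state = NULL, @pct = NULL;

    SELECT @state = encryption_state,
           @pct   = CAST(percent_complete AS INT)
    FROM sys.dm_database_encryption_keys
    WHERE database_id = DB_ID(N'HomeLending');

    IF @state IS NULL
    BEGIN
        -- No row in the DMV: the database has no encryption key to drop.
        RAISERROR(N'No database encryption key found; nothing to drop.', 0, 1) WITH NOWAIT;
        BREAK;
    END;

    IF @state = 1
    BEGIN
        -- Decryption finished: removing the key is now safe.
        DROP DATABASE ENCRYPTION KEY;
        RAISERROR(N'Decryption complete; database encryption key dropped.', 0, 1) WITH NOWAIT;
        BREAK;
    END;

    IF @state = 5
    BEGIN
        -- Background decryption scan still running: report progress and wait.
        RAISERROR(N'Decryption in progress (%d%% complete); waiting.', 0, 1, @pct) WITH NOWAIT;
        WAITFOR DELAY '00:00:10';
        CONTINUE;
    END;

    -- Any other state means decryption was never started or a key
    -- operation is under way; stop instead of dropping the key.
    RAISERROR(N'Unexpected encryption_state %d; key not dropped.', 16, 1, @state);
    BREAK;
END;
GO
```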
