I had a request from a customer to “encrypt their data”. This open-ended request led to a series of other questions…

• Does this mean individual columns in the database?
• The DB and Log files on the database server?
• The data as it is transmitted between the DB server and the SharePoint Server?

Have you noticed that almost every question in SharePoint leads to a series of other questions?

Turns out SharePoint can support all three types of security; what I am going to address here is the file-level encryption, which is referred to as “Transparent Data Encryption”.
Here is Microsoft’s official definition of what TDE is in SQL 2008:

“Transparent data encryption (TDE) performs real-time I/O encryption and decryption of the data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module. TDE protects data “at rest”, meaning the data and log files. It provides the ability to comply with many laws, regulations, and guidelines established in various industries. This enables software developers to encrypt data by using AES and 3DES encryption algorithms without changing existing applications.”

So SharePoint does support this, and it is quite transparent to SharePoint, as the data still just shows up to the WFE as it did before. Here are a few good resources to dig deeper:

MSDN: Understanding Transparent Data Encryption (TDE)
http://msdn.microsoft.com/en-us/library/bb934049.aspx

TechNet: How to: Enable TDE Using EKM
http://technet.microsoft.com/en-us/library/cc645957.aspx

MSDN: Database Encryption in SQL Server 2008 Enterprise Edition
http://msdn.microsoft.com/en-us/library/cc278098(SQL.100).aspx
