Ben Miller deserves credit for this post.  I have picked up a little bit of information about TDE here and there but he pulled it all together for me.  I presented this at work to give a broad overview of what it is and why we would use it.  I will be creating a more in depth post later.

What is it?

• Encrypted Data at rest.
• AES (128,192,256) or 3DES
• Encryption is performed at the page level.
• Datafile, Logfile and Tempdb are encrypted.
• Tempdb is encrypted at AES 256 and you can’t change that.
• FileStream data is not encrypted when TDE is enabled.
• Protects against people stealing your files.
• SELECT statement results are not encrypted so it is Transparent to the user.

Benefits

• No Schema changes like cell level encryption.
• Page level encryption
• MSFT estimates degradation at 3 to 5% instead of 20 – 28% that occurs with cell level.
• Secure backups by default.
• Invisible to user

Disadvantages

• Backup compression is not useful when TDE is enabled.
• Enterprise Edition Only
• With Cell level encryption, you have finer control over encrypted elements
• Tempdb is encrypted even if only one database is encrypted.
• Instant File initialization is not available when TDE is enabled.
• If you lose your Certificate, your data is gone.

Happy Encrypting!

Andrea