Transparent Data Encryption

Transparent Data Encryption (TDE) is a form of database encryption that encrypts the underlying files in which the database engine stores its data, rather than encrypting individual data items within the application. The data therefore remains accessible to authorized users of the database, while anyone who obtains the underlying database files without the encryption keys cannot read their contents.

The concept of Transparent Data Encryption is to encrypt data while it is stored in the database, also referred to as data at rest. This differs from what many other encryption approaches do: where those strategies focus on encrypting data in transit, TDE encrypts data at rest, that is, while it is stored. Data is decrypted only when a user needs it and is encrypted again when it is written to storage. This ensures that the data remains unreadable even if the stored files fall into the hands of third parties. The protection is possible because TDE can encrypt the entire database without changing how the data is accessed.

Transparent Data Encryption supports the Advanced Encryption Standard (AES), including AES-256. For encryption and decryption, TDE relies on key management built on standards such as the Public-Key Cryptography Standards (PKCS). A two-tier key architecture is used to encrypt and decrypt data: the keys that encrypt the data are themselves protected by a master key, so the data can ultimately be decrypted only with the master decryption key.

Transparent Data Encryption (TDE) is offered in SQL Server and Oracle databases. The core concept of TDE, encrypting data at rest, is also its biggest disadvantage: it does not encrypt data in transit or data in use.
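As an added illustration of the two-tier key architecture and of the at-rest-only caveat above (this is example code written for this page, not code from any database vendor), the Go program below models a master key, assumed to be held in a separate keystore, that wraps a data encryption key (DEK), which in turn encrypts stored pages with AES-256-GCM. The names random, gcm, seal, open, NewWrappedDEK, DB, OpenDB, WritePage and ReadPage are this example's own.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // the OS CSPRNG failed; nothing sensible to do
	}
	return b
}
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // wrong key length: a programming error in this demo
	}
	g, _ := cipher.NewGCM(block) // cannot fail: AES always has a 16-byte block
	return g
}
// seal returns nonce||ciphertext||tag under AES-256-GCM; open reverses it and
// fails on a wrong key or a tampered blob. One primitive serves both key tiers.
func seal(key, plaintext []byte) []byte {
	g := gcm(key)
	nonce := random(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, nil)
}
func open(key, blob []byte) ([]byte, error) {
	g := gcm(key)
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}
// NewWrappedDEK makes a random 256-bit data encryption key (DEK) and wraps it
// under the master key (tier 1); only the wrapped form is stored with the data.
func NewWrappedDEK(masterKey []byte) []byte { return seal(masterKey, random(32)) }
// DB is the engine's view once OpenDB has unwrapped the DEK. Unwrapping is the
// only step that needs the master key, so a wrong key is rejected here.
type DB struct{ dek []byte }
func OpenDB(masterKey, wrappedDEK []byte) (*DB, error) {
	dek, err := open(masterKey, wrappedDEK)
	if err != nil {
		return nil, err
	}
	return &DB{dek: dek}, nil
}
// WritePage/ReadPage are the transparent paths (tier 2): pages reach disk as
// ciphertext and reads hand back plaintext, so TDE covers data at rest only.
func (d *DB) WritePage(page []byte) []byte          { return seal(d.dek, page) }
func (d *DB) ReadPage(blob []byte) ([]byte, error) { return open(d.dek, blob) }
```

A copy of the stored pages plus the wrapped DEK is useless without the master key, while a caller who has opened the database receives plaintext, which is exactly the boundary the text describes.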

Wiki | thetqweb