What is Transparent Data Encryption (TDE)?

Instructor: Martin Gibbs

Martin has 16 years experience in Human Resources Information Systems and has a PhD in Information Technology Management. He is an adjunct professor of computer science and computer programming.

This lesson will define Transparent Data Encryption (TDE) and how it works within database administration systems. TDE protects data at the file level, making it transparent to the end user.

Transparent Data Encryption (TDE)

How transparent?

This was the author's question when this encryption method was developed. Even though it is an encryption method, the name may indicate that it's a wide-open method; as if anyone could see the person behind the curtain. Thankfully, the transparency is from the viewpoint of the user: They don't need special keys to get to their secure data. And the bad guys don't get a magical decoder ring to see how the data was secured.

Transparent Data Encryption (TDE) was developed with SQL Server 2008, and it is also available in Oracle database management systems. It is an encryption method that protects the core data in the database.

The encryption method protects the data in the database by encrypting the underlying files of the database, and not the data itself. This prevents the data from being hacked and copied to another server; in order to open the files you have to have the original encryption certificate and a master key.

The actual encryption of the database is done at the page level. In the context of the actual database, a page refers to the unit of data storage in the server (not a web page). A page in SQL server is small (8KB in size); therefore Transparent Data Encryption (TDE) operates at the structural level of the database.

Because TDE protects/encrypts the structure of the database, it is considered an at rest encryption method. Other encryption options protect the data in transit, but since TDE encrypts the underlying structure of the data, it is protecting the data as it rests, or is stored, in the database.

The keyword in the method is Transparent. This means that the encryption method is transparent to authorized users of the database; they do not need to create any special macros or update complex configurations to access the data. A good real-world example is that of a key fob.

Keyless entry analogy

TDE is much like a key fob used to gain access to a vehicle: Only the owner of the car (or the person holding the fob) can gain entry to the locked vehicle. There is nothing special that the fob holder has to do; they just press the unlock button. In an SQL or Oracle database, the users do not need to worry about how the data is encrypted; as long as they have access to the database, all encryption and decryption is seamless to them.

TDE and SQL Server

As mentioned, the TDE works on data at rest: It does this across the entire database. That means that data is being encrypted when writing to disk and decrypted when being read back.

The encryption hierarchy is shown in the figure TDE SQL Server. There is a master key that sits at the instance of the server; there is a master database that requires a master key and a server certificate; finally, the user database is protected by the encryption key.

TDE SQL Server (image from author)
TDE SQL Server

To unlock this lesson you must be a Study.com Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use Study.com

Become a Study.com member and start learning now.
Become a Member  Back
What teachers are saying about Study.com
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? Study.com has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create an account
Support