Transparent Data Encryption definition
Transparent Data Encryption (TDE) is a method of encrypting databases to provide a layer of security against unauthorized access to sensitive data.
See also: data at rest, unauthorized access
The key features
- Key management. TDE manages encryption keys — typically stored in a secure and separate location — that encrypt and decrypt the data.
- Encryption of data at rest. TDE encrypts the data when it is stored on disk (data at rest), including the database's files such as data files, log files, and backups.
- Seamless integration. The database system handles encryption and decryption processes without requiring changes in the application's logic or database queries.
- Protection against unauthorized access. TDE protects the data from being read if the storage media or the data file is stolen or compromised.
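The key-management and data-at-rest features above, shown as SQL Server T-SQL. This is an added example, not part of the original page; the database name `SalesDemo`, the certificate name `TdeDemoCert`, the file paths and the passwords are placeholders.

```sql
-- Added example: enabling and verifying TDE on SQL Server.
-- SalesDemo, TdeDemoCert, paths and passwords are placeholders.

USE master;
GO
-- Key hierarchy: database master key -> certificate -> database encryption key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-master-key-password>';
CREATE CERTIFICATE TdeDemoCert WITH SUBJECT = 'TDE demo certificate';
GO

-- Back up the certificate and private key to a location separate from the
-- data files. Without them, the database and its backups cannot be restored
-- on another server.
BACKUP CERTIFICATE TdeDemoCert
    TO FILE = 'D:\keys\TdeDemoCert.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\keys\TdeDemoCert.pvk',
        ENCRYPTION BY PASSWORD = '<placeholder-private-key-password>'
    );
GO

USE SalesDemo;
GO
-- The database encryption key (DEK) encrypts data files, log files and backups.
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeDemoCert;
GO
ALTER DATABASE SalesDemo SET ENCRYPTION ON;
GO

-- Check 1: encryption_state 2 = encryption in progress, 3 = encrypted.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       percent_complete,
       key_algorithm,
       key_length
FROM sys.dm_database_encryption_keys;

-- Check 2: flag TDE certificates whose private key has never been backed up.
SELECT c.name, c.pvt_key_last_backup_date
FROM master.sys.certificates AS c
JOIN sys.dm_database_encryption_keys AS k
     ON k.encryptor_thumbprint = c.thumbprint
WHERE c.pvt_key_last_backup_date IS NULL;
```

Application queries against `SalesDemo` run unchanged after this; the engine encrypts and decrypts pages as they are written to and read from disk.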
History of TDE
- 2005-2006. Oracle introduced TDE with Oracle Database 10g Release 2.
- 2008. Microsoft SQL Server 2008 introduced TDE. TDE in SQL Server enabled the encryption of the entire database, not just specific columns.
- 2010s. Other database systems, including IBM DB2 and MySQL, started incorporating TDE or similar technologies.
- Late 2010s. Cloud service providers like Amazon Web Services, Microsoft Azure, and Google Cloud Platform began offering TDE as part of their database services.
- TDE continues to evolve with a growing emphasis on automated key rotation and improved performance with minimal impact on database response times.