Transparent Data Encryption

(also TDE)

Transparent Data Encryption definition

Transparent Data Encryption is a method of encrypting databases to provide a layer of security against unauthorized access to sensitive data.

See also: data at rest, unauthorized access

The key features

  • Key management. TDE manages encryption keys — typically stored in a secure and separate location — that encrypt and decrypt the data.
  • Encryption of data at rest. TDE encrypts the data when it is stored on disk (data at rest), including the database's files such as data files, log files, and backups.
  • Seamless integration. The database system handles encryption and decryption processes without requiring changes in the application's logic or database queries.
  • Protection against unauthorized access. It protects the data from being read if the storage media or the data file is stolen or compromised.
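
The key hierarchy and the at-rest encryption described above, shown as an added example for Microsoft SQL Server (T-SQL); it is not taken from the original page. The database name `SalesDb`, the certificate name `TdeCert`, the file paths and the passwords are hypothetical placeholders.

```sql
-- 1. Key management: the server-level keys live in master, separate from the user database.
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-master-key-password>';
CREATE CERTIFICATE TdeCert WITH SUBJECT = 'TDE certificate (example)';

-- Back up the certificate and its private key to a separate, protected location.
-- Without them, an encrypted database file or backup cannot be restored elsewhere.
BACKUP CERTIFICATE TdeCert
    TO FILE = 'C:\keys\TdeCert.cer'              -- hypothetical path
    WITH PRIVATE KEY (
        FILE = 'C:\keys\TdeCert.pvk',            -- hypothetical path
        ENCRYPTION BY PASSWORD = '<placeholder-private-key-password>'
    );

-- 2. Encryption of data at rest: create the database encryption key (DEK),
--    protected by the certificate, then turn encryption on.
USE SalesDb;
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
ALTER DATABASE SalesDb SET ENCRYPTION ON;

-- 3. Check: encryption_state 2 = encryption in progress, 3 = encrypted.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       percent_complete,
       key_algorithm,
       key_length
FROM sys.dm_database_encryption_keys;

-- 4. Check: databases that are still unencrypted, and TDE certificates
--    whose private key has never been backed up.
SELECT name FROM sys.databases WHERE is_encrypted = 0;

SELECT c.name, c.pvt_key_last_backup_date
FROM master.sys.certificates AS c
JOIN sys.dm_database_encryption_keys AS k
    ON k.encryptor_thumbprint = c.thumbprint
WHERE c.pvt_key_last_backup_date IS NULL;
```

Application queries against `SalesDb` are unchanged after step 2, which is the seamless integration the list describes.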

History of TDE

  • 2005-2006. Oracle introduced TDE with Oracle Database 10g Release 2.
  • 2008. Microsoft SQL Server 2008 introduced TDE. TDE in SQL Server enabled the encryption of the entire database, not just specific columns.
  • 2010s. Other database systems, including IBM DB2 and MySQL, started incorporating TDE or similar technologies.
  • Late 2010s. Cloud service providers like Amazon Web Services, Microsoft Azure, and Google Cloud Platform began offering TDE as part of their database services.
  • TDE continues to evolve with a growing emphasis on automated key rotation and improved performance with minimal impact on database response times.