Question

Is there any effect at the application end, if you configure TDE for Production databases, which are in both replication and Always On Availability Groups in SQL Server 2014 Enterprise Edition?

This is a three node cluster with both replication and AGs, with another set of two nodes used for reporting purposes.


Solution

Excerpting from Pros and Cons of Transparent Data Encryption (TDE) by SQL Matters:

Disadvantages of TDE

  • Only encrypts data at rest, so data in motion or held within an application is not encrypted.
  • All data in the database is encrypted – not just the sensitive data.
  • Requires the more expensive Enterprise Edition (or Developer or DataCenter Edition) of SQL Server.
  • The amount of compression achieved with compressed backups will be significantly reduced.
  • There is a small performance impact.
  • FileStream data is not encrypted.
  • Some DBA tasks require extra complexity, for instance restoring a backup onto another server.
  • As TempDB is encrypted, there is potentially an impact on non-encrypted databases on the same server.
  • The master database, which contains various metadata, user data and server level information is not encrypted.
  • If one has authorized access to the database, through administrative and other authenticated accounts, they will be allowed to access data without any kind of restrictions. TDE cannot provide protection against authorized users.
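
The "extra complexity" and TempDB items above, as an added T-SQL sketch that is not part of the original answer or the quoted article: the TDE certificate has to exist on every server that will host or restore the database (each availability replica included) before encryption is switched on. The names `TDE_Cert` and `SalesDb`, the file paths and the passwords are placeholders.

```sql
-- 1. On the primary replica: create the certificate and back it up with its
--    private key. All names, paths and passwords are placeholders.
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master-key-password>';

CREATE CERTIFICATE TDE_Cert WITH SUBJECT = 'TDE certificate (placeholder)';

BACKUP CERTIFICATE TDE_Cert
    TO FILE = 'C:\Backup\TDE_Cert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\Backup\TDE_Cert.pvk',
        ENCRYPTION BY PASSWORD = '<private-key-password>');

-- 2. On every other server that will host or restore the database:
--    restore the same certificate BEFORE encryption is enabled.
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master-key-password>';

CREATE CERTIFICATE TDE_Cert
    FROM FILE = 'C:\Backup\TDE_Cert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\Backup\TDE_Cert.pvk',
        DECRYPTION BY PASSWORD = '<private-key-password>');

-- 3. Back on the primary: create the database encryption key and turn TDE on.
USE SalesDb;
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_Cert;
ALTER DATABASE SalesDb SET ENCRYPTION ON;

-- 4. On each server: check progress. encryption_state 2 = encryption in
--    progress, 3 = encrypted. tempdb appears in this list once any user
--    database on the instance is encrypted.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       percent_complete
FROM sys.dm_database_encryption_keys;
```

Keep the certificate and private key backup files, and the password protecting them, stored separately from the database backups; a backup of a TDE database cannot be restored without them.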
Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange