Database administrators go to great lengths to ensure that their SQL server instances remain secure. They’re usually physically located in a secured room and use appropriate user accounts than authentication protocols to verify permissions during network access. But if your database back-ups are stored off-site or in the cloud, then just as much care needs to be given to the security of the back-up files. If someone can simply restore a copy of your database from a back-up on their own hardware,then it really doesn’t matter what kind of locks you keep on the doors of your own equipment. The solution is to apply something called Transparent Data Encryption, or TDE. Transparent Data Encryption performs real-time encryption and decryption of the data in the log files and uses a certificate that are secured by the SQL server instances master key.
You have to create a key, a certificate, and then use the them to create the backup file. When you restore, you will need the key and the certificate.
Sources:
https://www.linkedin.com/learning/designing-database-solutions-for-sql-server-2016/backup-encryption
Comments