Transparent Data Encryption

E56723

data-at-rest encryption technology database security feature

Transparent Data Encryption is a database security feature that encrypts data at rest by automatically encrypting database files and backups to protect against unauthorized access to stored data.

Jump to: Statements Referenced by

Statements (50)

Predicate	Object
instanceOf	data-at-rest encryption technology ⓘ database security feature ⓘ
appliesTo	data files on disk ⓘ database backups ⓘ database files ⓘ transaction log files ⓘ
doesNotEncrypt	data in memory ⓘ data in transit ⓘ
doesNotProtectAgainst	SQL injection attacks ⓘ attacks by authenticated users with query access ⓘ privilege abuse inside the database ⓘ
encrypts	data at rest ⓘ
hasCharacteristic	can impact I/O performance ⓘ does not require application code changes ⓘ encryption is handled by the database engine ⓘ encrypts entire database or specific tablespaces depending on implementation ⓘ often integrates with hardware security modules ⓘ relies on master keys or key encryption keys ⓘ
hasPurpose	encrypt database files and backups ⓘ prevent unauthorized access to stored data ⓘ protect data at rest ⓘ
isConfiguredAt	database level ⓘ tablespace level in some systems ⓘ
isImplementedIn	Amazon RDS ⓘ surface form: Amazon RDS for SQL Server Azure SQL Database ⓘ Azure SQL Managed Instance ⓘ IBM DB2 ⓘ surface form: IBM Db2 SQL Server ⓘ surface form: Microsoft SQL Server MySQL ⓘ Oracle Cloud databases ⓘ Oracle Database ⓘ PostgreSQL ⓘ
isTransparentTo	applications ⓘ database clients ⓘ
mitigates	risk of data exposure from lost backups ⓘ risk of data exposure from offline attacks ⓘ risk of data exposure from stolen database files ⓘ
performs	on-the-fly decryption ⓘ on-the-fly encryption ⓘ
protects	confidentiality of stored database data ⓘ
relatedTo	backup encryption ⓘ column-level encryption ⓘ disk-level encryption ⓘ key management systems ⓘ
requires	key management ⓘ secure storage of encryption keys ⓘ
supports	regulatory compliance for data protection ⓘ
uses	encryption keys ⓘ key hierarchy ⓘ symmetric encryption algorithms ⓘ

Referenced by (2)

Full triples — surface form annotated when it differs from this entity's canonical label.

Always Encrypted → relatedTo → Transparent Data Encryption ⓘ

SQL Server → supportsFeature → Transparent Data Encryption ⓘ