Always Encrypted
E56730
Always Encrypted is a SQL Server security feature that protects sensitive data by encrypting it both at rest and in transit while keeping encryption keys only on the client side.
Statements (51)
| Predicate | Object |
|---|---|
| instanceOf | SQL Server security feature; data encryption technology |
| appliesTo | Azure SQL Database; Azure SQL Managed Instance; Microsoft SQL Server |
| category | data protection; database security |
| designedFor | protecting credit card numbers; protecting financial data; protecting health information; protecting national identification numbers |
| deterministicEncryptionAllows | equality comparisons |
| developedBy | Microsoft |
| differsFrom | Transparent Data Encryption by encrypting data in use on server side |
| doesNotSupport | LIKE operator on randomized encrypted columns; range queries on encrypted columns without special techniques |
| encrypts | specific database columns |
| helpsWith | compliance requirements; data privacy regulations |
| integratesWith | SQL Server Management Studio; Visual Studio |
| introducedIn | SQL Server 2016 |
| isTransparentTo | database engine |
| limits | operations on encrypted columns |
| performsDecryption | on client side |
| performsEncryption | on client side |
| prevents | DBA from seeing plaintext data; database engine from seeing plaintext data; high-privilege users from seeing plaintext data |
| protects | sensitive data |
| randomizedEncryptionDisallows | equality joins |
| randomizedEncryptionProvides | higher security |
| relatedTo | Transparent Data Encryption |
| requires | enabled client driver; schema changes for encrypted columns; supported ADO.NET driver; supported ODBC driver |
| storesKeys | client side |
| supports | deterministic encryption; encryption at rest; encryption in transit; randomized encryption |
| supportsAlgorithm | AES-256; RSA |
| supportsKeyStorageIn | Azure Key Vault; Windows Certificate Store; hardware security modules |
| uses | column encryption keys; column master keys; column-level encryption; encryption keys |
Referenced by (3)
| Subject (surface form when different) | Predicate |
|---|---|
| Azure SQL Database; SQL Server | supportsFeature |
| Azure SQL Managed Instance | supports |