Friday, November 22, 2019

Data Platform Tips 6 - Always Encrypted

Always EncryptedAlways Encrypted feature in SQL Server and Azure SQL Database allows to protect sensitive data like credit card numbers, social security numbers etc. It allows client applications to encrypt the data and the SQL Engine won't know anything about the encrypted keys. Like encryption, decryption also happens through the client application.

Always Encrypted supports 2 types of Encryption.

Deterministic encryption - Always generate the same encrypted value for any plain text value. Using deterministic encryption allows point lookups, equality joins, grouping and indexing on encrypted columns. Use deterministic encryption where columns will be used in search, join and group by parameters.

Randomized encryption - Encrypts data in a less predictable manner. More secure than deterministic but prevents using the columns in search, join, indexing and group by parameters. Note: With the release of SQL Server 2019 "Always Encrypted with secure enclaves" feature, now pattern matching, comparison operators and indexing are enabled on columns encrypted with Randomized encryption.

Also with SQL Server 2019 "Always Encrypted with secure enclaves", now you can use T-SQL to encrypt existing data without the need to move the data outside for encryption operations.

No comments:

Post a Comment