SQLblogcasts.com has a great tutorial about SQL Server 2008 Transparent Data Encryption. If you want to learn how to encrypt your databases, read that article.
I played around with TDE a couple of weeks ago, and I was surprised by how difficult it is to implement. I’d expected to be able to check a box, put in a password, and click OK, but it’s nowhere near that easy. Restoring encrypted databases from one server to another can also give DBAs a nasty surprise when they least expect it.
I’ve heard several DBAs comment recently about how SQL Server Management Studio is targeted more at developers than it is database administrators, and I think 2008 will reinforce that perception. Implementing TDE is a good example: there’s no wizard, there’s no obvious steps, etc. Right-click on a database and try enabling encryption, and there’s no obvious reason as to why the feature is disabled – the DBA has to dig through documentation to find out that a server certificate is required first. Ugh. TDE is a good first step towards secure data files, but any toddler will tell you that those first steps are always the toughest.
