I played around with TDE a couple of weeks ago, and I was surprised by how difficult it is to implement.  I’d expected to be able to check a box, put in a password, and click OK, but it’s nowhere near that easy.  Restoring encrypted databases from one server to another can also give DBAs a nasty surprise when they least expect it.

I’ve heard several DBAs comment recently about how SQL Server Management Studio is targeted more at developers than it is database administrators, and I think 2008 will reinforce that perception.  Implementing TDE is a good example: there’s no wizard, there’s no obvious steps, etc.  Right-click on a database and try enabling encryption, and there’s no obvious reason as to why the feature is disabled – the DBA has to dig through documentation to find out that a server certificate is required first.  Ugh.  TDE is a good first step towards secure data files, but any toddler will tell you that those first steps are always the toughest.