How can we improve Azure SQL Database?

Enable Transparent Data Encryption

Enabling TDE would go a long way to help placate business sponsors concerned about their data being housed in Microsoft's datacenters. Even though the cloud is arguably more secure than doing it yourself, turning on TDE would provide a warm fuzzy feeling to those not comfortable with the concept.

883 votes
    anonymous shared this idea
    Jason Horner shared a merged idea: Support SQL Server Encryption
    Avi Stokar shared a merged idea: Add TDE to Azure SQL
    Victor shared a merged idea: SQL Transparent Data Encryption (TDE) or column encryption
    Juan Pablo Pérez shared a merged idea: Enable to encrypt Store Procedures, Triggers, Functions, etc.

    23 comments

      • Meenu commented

        It's been almost 2.5 years since this feature went into the planned stage. Any timeframe for when this would be made available? If not, please update the status accordingly so we can plan our future product releases accordingly. Thanks.

      • Admin commented

        It's been over 2 years since it went into the "Planned" phase. Any idea when this feature would be available? We have a healthcare application that we would like to host on Azure, but without encryption we are forced to look elsewhere.

      • Victor commented

        My company is switching to AWS with Oracle Enterprise because Azure doesn't support TDE. :(

      • Walter commented

        Hello? Still having trouble making the encryption compatible with NSA? 4 years for nothing or what?

      • Florin Neamtu commented

        Very interested in this too!!
        A simple update on this feature would be useful, just say you're not going to do it in the next 2 years because x and y and z. Then I'll clearly know my options and can work around it - encrypt sensitive data in wcf services and give up searching on those columns or whatever. But having no official take from MS on this, keeps me in a bit of a dead-lock situation - should I spend my time implementing this, or just keep hoping? It's been a long time since this important feature was requested, any decision at this point is way better than no decision.

      • Walter commented

        Guy, it's been almost two years now. We're waiting since 2009. That's 4 Years.
        Are you there? Anybody there???

      • Sid commented

        You can't develop any serious application (financial data, health data etc.) without an encrypted database to support encryption-at-rest requirements. And while Victor's request is well intentioned, having TDE is useless in a cloud environment (it's useful only if someone accessed the DB file via the filesystem). For a meaningful way to be secure in a cloud environment, we would like to have some form of database/table/column encryption where the storage/access/maintenance is also well thought out. This is infrastructure logic (not business logic), so should be the cloud provider's responsibility. Amazon RDS supports SQL encryption.

        Right now Azure demands that applications encrypt data themselves, say, within the .NET application. However, that still falls under "infrastructure responsibility" (= cloud provider's responsibility) so even under that "outside SQL Azure" security model argument, Microsoft should be supporting that security model by providing libraries that do that. Otherwise each customer will be reinventing the wheel (or worse, operate insecurely until a major breach happens and the press writes "Microsoft Azure prone to hacking!").

      • Anonymous commented

        Hi, any updates to this? Do we continue down the path of our own bespoke solution or will SQL Azure provide us with a less complex solution? Better performing solution?

      • ryancrawcour commented

        Guy, it's been almost a year since you posted this. Any updates on a timeframe? It's these sorts of features that real world enterprise applications desperately need.

      • Victor commented

        I know this can be done with VMs but it defeats the purpose of using Azure.

      • Christopher Steven commented

        I would also like to know the status of this. This feature would help with HIPAA compliance. Currently we cannot use Azure because Microsoft will not do a Data Use Agreement. This would help solve that.

      • Aloisio dos Santos commented

        We currently deploy our product in which stored procedures are encrypted to protect business logic. We're currently modifying our product to be compatible with SQL Azure as well as to be deployed on premises still. Without the encryption of stored procedures, triggers, and functions, it not only exposes the business logic that we want to protect, but it also, at the minimum, forces our development team to keep two code bases to manage.

      • CuriousGeorge commented

        Indeed this would go a loooong way towards addressing the common concern that my data is at risk of prying eyes in the cloud.
