SQL Server Transparent Data Encryption (TDE) is a method of encrypting the data that SQL Server stores on disk. A customer may have a requirement to use this with Sage CRM.
Transparent Data Encryption has not been tested with Sage CRM, and is therefore technically unsupported, but there should not be any major issues with setting it up. TDE only encrypts the data “at rest”; i.e. the data being stored in the database’s data and log files, as well as in tempdb.
Since the data is only encrypted on the SQL Server side, there is no configuration required on the client application. The application (in this case Sage CRM) is unaware that TDE is being used. As such, there is no requirement for key exchange with a client application, or for any changes to be made to the application.
More information is available here:
It is worth keeping in mind that there are a number of considerations when using TDE:
- There will be performance degradation on the database, both on reads and writes.
- Should the encryption keys be lost, the database will be irrecoverable. This is by design. As such, the database encryption keys should be backed up, and stored in a safe location.
- Encrypted data is not easily compressible; as such, SQL Server backups will occupy much more space, and the SQL Server backup compression option will be largely ineffective.
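The setup and the key backup from the list above, as an added T-SQL example that is not from Sage or the original article. The database name `CRM`, the certificate name, the file paths and the passwords are placeholders (assumptions); it is meant to be run in SSMS or sqlcmd by a sysadmin.

```sql
-- Added example: enable TDE on a Sage CRM database and verify the key backup.
-- CRM, SageCrmTdeCert, the paths and the passwords are placeholders.
USE master;
GO
-- The database master key in master protects the TDE certificate's private key.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master-key-password>';
GO
CREATE CERTIFICATE SageCrmTdeCert
    WITH SUBJECT = 'TDE certificate for the Sage CRM database';
GO
-- Back up the certificate and its private key BEFORE turning encryption on.
-- Without these two files and the password, a backup of the encrypted
-- database cannot be restored on another instance.
BACKUP CERTIFICATE SageCrmTdeCert
    TO FILE = 'D:\KeyBackup\SageCrmTdeCert.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\KeyBackup\SageCrmTdeCert.pvk',
        ENCRYPTION BY PASSWORD = '<private-key-backup-password>');
GO
USE CRM;
GO
-- The database encryption key (DEK) lives in the user database and is
-- protected by the certificate held in master.
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE SageCrmTdeCert;
GO
ALTER DATABASE CRM SET ENCRYPTION ON;
GO
-- Check progress and confirm the certificate has been backed up.
-- encryption_state: 2 = encryption in progress, 3 = encrypted.
-- tempdb gets its own row once any database on the instance uses TDE.
-- pvt_key_last_backup_date = NULL means the private key was never backed up.
SELECT DB_NAME(k.database_id)      AS database_name,
       k.encryption_state,
       k.percent_complete,
       k.key_algorithm,
       k.key_length,
       c.name                      AS certificate_name,
       c.pvt_key_last_backup_date
FROM sys.dm_database_encryption_keys AS k
LEFT JOIN master.sys.certificates AS c
       ON c.thumbprint = k.encryptor_thumbprint;
```

Move the `.cer` and `.pvk` files and the backup password off the database server, and keep them separate from the database backups they unlock.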
If TDE is being considered, then it may also be worthwhile investigating the encryption of the data connection between Sage CRM and the database. Further details are available in KBA 492-15895, and in the Microsoft TechNet article below: