We are thinking about using SQL Server Column (cell) Level Encryption for sensitive data. There should be no problem when we initially encryption the column, but we have requirements that every year the Encryption Key needs to change. It seems that this requirement may be problem.
Assumption: The table that includes the column that has sensitive data will have 500 million records.
Below are the steps we have thought about implementing. During the encryption/decryption process is the data online, and also how long would this process take?
- Initially encrypt the column
- New Year
- Decrypt the column
- Encrypt the column with new key.
Question : When the column is being decrypted/encrypted is the data online (available to be query)? Does SQL Server provide feature that allows for key changes while the data is online?
© Server Fault or respective owner