SQL Server Column Level Encryption - Rotating Keys

Posted by BarDev on Server Fault See other posts from Server Fault or by BarDev
Published on 2011-02-28T21:49:54Z Indexed on 2011/02/28 23:27 UTC
Read the original article Hit count: 174

We are thinking about using SQL Server Column (cell) Level Encryption for sensitive data. There should be no problem when we initially encryption the column, but we have requirements that every year the Encryption Key needs to change. It seems that this requirement may be problem.

Assumption: The table that includes the column that has sensitive data will have 500 million records.

Below are the steps we have thought about implementing. During the encryption/decryption process is the data online, and also how long would this process take?

  • Initially encrypt the column
  • New Year
  • Decrypt the column
  • Encrypt the column with new key.

Question : When the column is being decrypted/encrypted is the data online (available to be query)? Does SQL Server provide feature that allows for key changes while the data is online?

BarDev

© Server Fault or respective owner

Related posts about sql-server

Related posts about sql-server-2008