What is the best way to encrypt a SQL 2005 database?
I have found things about the with SQL 2008, and I’ve seen how to do column encryption in SQL 2005 – but it seems more difficult to access the table values then because you need to create a function or a view/stored procedure.
I also tried doing the file level security by using windows encryption (via a certificate) to encrypt the folder which held the database files, but then SQL Server Management Studio gave me errors on permissions (even after I gave it permissions).
I need to secure client data on our servers and I need to do it in a way that will not slow down our server too much, though I know it’s inevitable due to the extra layer that encryption poses.
Am I missing something, or am I wrong? Please advise.
Upgrade to SQL Server 2008 and use Transparent Database Encryption. Unlike column level encryption of SQL Server 2005, the 2008 TDE is, as the name implies, transparent. Requires no application changes. Also, the data is searchable, something which is always desirable but very difficult to achieve with column encryption or with client side encryption.
File level encryption does not really work with SQL Server. However, BitLocker does work with SQL Server so encrypting the entire volume with BitLocker is another viable alternative.