During our recent packed webinar, “Encryption Key Management with Microsoft SQL Server,” we were asked some great questions from the audience and would like to share them with you on our blog. Upcoming questions include “How often do I need to rotate encryption keys on my SQL Server?” and “How does encryption key management work in High Availability (HA) and disaster recovery scenarios?”
Here is part one in our series of questions from this webinar. As always, if you still have any questions, send them our way and we will promptly get back to you.
What are the performance impacts of TDE encryption on Microsoft SQL Server?
Encryption really has a reputation for being CPU-intensive. There is good news on this front for Microsoft customers because I think the people in the SQL Server group did a really great job at performance tuning data encryption within the SQL Server environment. If you look at what Microsoft says about turning on TDE (Transparent Data Encryption), they say you will pay a 2-4% performance penalty when encryption is enabled. That is actually excellent performance. In our experience, it is actually closer to 2%. More complex environments may get a little higher than that.
Microsoft will tell you that there is a little more performance penalty around Cell Level or Column Level encryption. I think that is probably true too, but still I think they have done a great job of making a good solution that performs quite well.
Stay tuned for our next post on “How often do I need to rotate encryption keys on my SQL Server?” and “During Cell Level or Column Level encryption, will the database be locked during the re-encryption process?” In the meantime, view a recording of “Encryption Key Management with Microsoft SQL Server”.