SentryOne Team Blog (

Stronger Security Via Always Encrypted in SQL Server 2016

Prior to SQL Server 2016, your main method for encrypting a SQL Server application was to use a feature called Transparent Data Encryption. TDE provides strong encryption, but with some shortcomings. First, you have to encrypt an entire database. No granularity is offered at a lower level, such as encrypting specific tables or certain data within a table. Second, TDE encrypts only data at rest, in files. Data in memory or in-flight between the application and server are unencrypted. Enter Always Encrypted.


Originally Posted October 07, 2015

0 replies on “Stronger Security Via Always Encrypted in SQL Server 2016”