REFERENCE LIBRARY
Security the Basics
Data at rest is data that is not being actively used. It can be data on a hard drive, in log files, copies on a database or in backups.
Full disc encryption is the safest and easiest thing to do to make sure all backups are secure, and it does not impact performance. Bitlocker is a recommended option for full disc encryption. Note: do not lose the key because without it everything is lost.
SQL server has encryption options that go beyond full disc encryption. One is transparent data encryption (TDE). TDE is very useful, but is for the entire database server, not just a single database. It also protects backups and files that are online. Another option within SQL server is the highly advanced always on encryption. This type of encryption will protect file stream data; being transferred across the network, for example. Note that this is not currently available with the connectivity kit. It can be manually applied with code changes, however, and the security library can assist in doing so.
