Always Encrypted
Beginners 101 Guide to Always Encrypted
Consultant
Denny Cherry & Associates Consulting
Monica Rathbun
/sqlespresso
@SQLEspresso
SQLEspresso.com
AGENDA
THE BASIC TERMINOLOGY
WHAT IS ENCRYPTION?
ENCRYPTION TERMINOLOGY
Type | Usage | Things to Note
Transparent Data Encryption (TDE) | Database Level | Data at Rest, Decrypted while in motion from Memory to Storage processor.
Column Level Encryption | Column Level | DBA Can Get to Data, SQL Knows the Keys
Dynamic Data Masking | Column Level | Not Really Encryption
Always Encrypted | Column Level | Encrypted Everywhere For Everyone
WHAT & HOW DOES IT WORK
ALWAYS ENCRYPTED
SQL 2016 SP1 STANDARD
Block DBA’s
No Code Changes Needed*
Encrypted as it is SENT to application
ALWAYS ENCRYPTED
Deterministic
ABCACBACB
WHERE clauses, GROUP BY and JOINS
Indexes
Randomized
ABCACBACB, BBBCCAA, or CCCAAABBB
More Secure
Non-Searchable
HOW IT WORKS
AE GOTCHAS
KEYS
Column Encryption Key (CEK)
Column Master Keys (CMK)
Geek Sync | Always Encrypted for Beginners
STORING KEYS
WINDOWS CERTIFICATE STORE
ALWAYS ENCRYPTED SECURE ENCLAVES
An enclave is a protected region of memory that acts as a trusted execution environment.
RICH COMPUTATIONS
Must Be Turned On
Pattern Matching
Range Comparisons
Sorting
USING AE
SSMS 18.0 or HIGHER
ALWAYS ENCRYPTED
SSMS uses .NET 4.6 so you can pass in the necessary encryption options. SSMS uses the connection string to access the Master Key and return the data in its decrypted format.
Database Permissions
VIEW ANY COLUMN MASTER KEY DEFINITION
VIEW ANY COLUMN ENCRYPTION KEY DEFINITION
These permissions are required to access the metadata about Always Encrypted keys in the database.
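using System.Data.SqlClient;

// "Column Encryption Setting=enabled" turns on Always Encrypted for this connection.
string connectionString = "Data Source=server63; Initial Catalog=Clinic; " +
    "Integrated Security=true; Column Encryption Setting=enabled";
SqlConnection connection = new SqlConnection(connectionString);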
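The following T-SQL is an added example, not part of the original slides. It shows a table in the Clinic database with one deterministic and one randomized column, then grants the two Database Permissions listed above to an application user. The names dbo.Patients, CEK_Demo and ClinicApp are hypothetical, and the script assumes the column master key and column encryption key already exist.

```sql
-- Assumption: a column master key and a column encryption key named CEK_Demo
-- (hypothetical name) have already been provisioned, e.g. through SSMS.
USE Clinic;
GO

CREATE TABLE dbo.Patients (
    PatientId INT IDENTITY(1,1) PRIMARY KEY,

    -- Deterministic: the same plaintext always yields the same ciphertext,
    -- so equality WHERE clauses, JOINs, GROUP BY and indexes work.
    -- Character columns encrypted this way need a BIN2 collation.
    SSN CHAR(11) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (
            COLUMN_ENCRYPTION_KEY = CEK_Demo,
            ENCRYPTION_TYPE = DETERMINISTIC,
            ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL,

    -- Randomized: the same plaintext yields a different ciphertext each time.
    -- More secure, but the column cannot be searched, joined or grouped
    -- on the server without a secure enclave.
    BirthDate DATE
        ENCRYPTED WITH (
            COLUMN_ENCRYPTION_KEY = CEK_Demo,
            ENCRYPTION_TYPE = RANDOMIZED,
            ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL
);
GO

-- Hypothetical application principal. It needs the key metadata permissions
-- so the client driver can locate the keys; the master key itself is never
-- stored in the database.
CREATE USER ClinicApp WITHOUT LOGIN;
GRANT SELECT, INSERT ON dbo.Patients TO ClinicApp;
GRANT VIEW ANY COLUMN MASTER KEY DEFINITION TO ClinicApp;
GRANT VIEW ANY COLUMN ENCRYPTION KEY DEFINITION TO ClinicApp;
GO

-- Check which columns are encrypted, with which type and which key.
SELECT c.name AS column_name,
       c.encryption_type_desc,
       c.encryption_algorithm_name,
       k.name AS column_encryption_key
FROM sys.columns AS c
JOIN sys.column_encryption_keys AS k
    ON k.column_encryption_key_id = c.column_encryption_key_id
WHERE c.object_id = OBJECT_ID(N'dbo.Patients');
```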
REFERENCES
MSDN
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-2017
Secure Enclaves
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/configure-always-encrypted-enclaves?view=sqlallproducts-allversions#configure-a-secure-enclave
TDE
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption?view=sql-server-2017
Aaron Bertrand Blog
https://blogs.sentryone.com/aaronbertrand/t-sql-tuesday-69-always-encrypted-limitations/
ARE YOU GOING TO GIVE AE A TRY?
Monica Rathbun
MRathbun@sqlespresso.com
@SQLEspresso
sqlespresso.com
/in/sqlespresso
