Differences Between Whole Database and Column Encryption

NetLib® Encryptionizer® is the only product line that can provide both whole database and column-level encryption for all Editions of SQL Server (not just Enterprise). Below is a discussion of each of the methods by which data in SQL Server can be protected.

NetLib Encryptionizer Whole Database Encryption and Column Encryption products can be layered to provide the protections of both methods.

Whole Database Encryption Advantages

  • Simplest to implement – a few clicks and it is done.
  • No code changes necessary to applications
  • Negligible performance impact on typical transactions on a multi-processor server. More efficient and less impact than Column Encryption.
  • Prevents the database from being attached to an unauthorized instance of SQL Server.
  • Can protect databases on backup media
  • Can protect databases from the network, domain, or Windows administrators
  • Can protect databases from the SQL sysadmin in certain cases (requires a dedicated SQL instance for the database).
  • Can protect databases on laptops/desktops.
  • Developers can use it to protect intellectual property, including proprietary business processes and schema of the database.
  • Can be used to protect databases distributed on CD, over the Internet, etc.
  • Optional APIs for encrypting non-database files such as documents, spreadsheets, or graphic images.

Whole Database Encryption Limitations

  • Single key for the entire database
  • Cannot protect against the SQL sysadmin in a SQL instance shared with other databases.
  • Does not encrypt data travelling over a network.


Column Encryption Advantages

  • More flexible in choosing which pieces of data to encrypt. Applications can be written to ultimately control when, where, by whom, and how data is viewed.
  • Can protect data from the SQL sysadmin even where there is no dedicated SQL instance.
  • Contains both an API interface for maximum power and flexibility, and a seamless point-and-click interface for maximum ease of deployment.
  • Different columns (and even different rows) can be encrypted with different keys.
  • Can be combined with Encryptionizer DE to encrypt data over the network.

Column Encryption Limitations

  • Small but present impact on performance: accessing or updating an encrypted column is on average 5-6 percent slower than a plaintext column in typical transactions. The greater the number of columns encrypted, the greater the potential for performance impact.
  • Limitations on types of database searches that can be performed. For example, comparison searches on an encrypted column (e.g., LastName begins with “S”, Salary between $50,000 and $60,000) can be slow in a large database.
  • Cannot protect the intellectual property of the database (e.g., schema, views).
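
The search limitation above, shown as an added example (not NetLib code): a range query on a plaintext column is answered from its index, while the same query on an encrypted column forces a scan that decrypts every row. SQLite stands in for SQL Server and a toy HMAC keystream stands in for the product's cipher; the table, column and function names are hypothetical.

```python
import hashlib, hmac, os, sqlite3

KEY = b"constructed-demo-key"   # constructed sample key
STATS = {"decrypts": 0}         # how many rows the engine had to decrypt

def _keystream(nonce, n):
    # Toy HMAC-SHA256 counter-mode keystream: a stand-in for a real cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(KEY, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(value):
    nonce, data = os.urandom(8), value.encode()
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))

def decrypt(blob):
    STATS["decrypts"] += 1
    nonce, ct = blob[:8], blob[8:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct)))).decode()

def build_db(salaries):
    db = sqlite3.connect(":memory:")
    db.create_function("decrypt", 1, decrypt)
    db.execute("CREATE TABLE emp (id INTEGER PRIMARY KEY, salary_plain INTEGER, salary_enc BLOB)")
    db.executemany("INSERT INTO emp (salary_plain, salary_enc) VALUES (?, ?)",
                   [(s, encrypt(str(s))) for s in salaries])
    # Index both columns: only the plaintext index preserves salary order.
    db.execute("CREATE INDEX ix_plain ON emp (salary_plain)")
    db.execute("CREATE INDEX ix_enc ON emp (salary_enc)")
    return db

PLAIN_Q = "SELECT id FROM emp WHERE salary_plain BETWEEN 50000 AND 60000"
ENC_Q = ("SELECT id FROM emp WHERE CAST(decrypt(salary_enc) AS INTEGER) "
         "BETWEEN 50000 AND 60000")

def plan(db, sql):
    return " | ".join(row[3] for row in db.execute("EXPLAIN QUERY PLAN " + sql))

def compare(salaries):
    db = build_db(salaries)
    STATS["decrypts"] = 0
    enc_ids = sorted(r[0] for r in db.execute(ENC_Q))
    return {"plain_plan": plan(db, PLAIN_Q), "enc_plan": plan(db, ENC_Q),
            "plain_ids": sorted(r[0] for r in db.execute(PLAIN_Q)),
            "enc_ids": enc_ids, "decrypts": STATS["decrypts"]}

if __name__ == "__main__":
    for k, v in compare(range(30000, 90000, 1000)).items():  # constructed salaries
        print(k, "=", v)
```

Both queries return the same rows; the cost difference is in the plan, since the index on the ciphertext column orders random-looking bytes and cannot narrow a salary range.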