MSSQL Encryption

Public key cryptography has become widespread as a way to protect users, networks, data and critical business systems. Whether it is used to encrypt data and ensure privacy, to digitally sign documents and messages to attest to their integrity and authenticity, or to authenticate users and systems and control access.

These public key operations are integral to modern operating systems, commercial security products and custom built systems. E-commerce, online banking, internet gaming, smartphones and cloud computing all rely on the use of digital certificates to represent the digital identity of users, connected devices, web services and business applications.

Each digital certificate, issued by a Certificate Authority, is based on a pair of cryptographic keys that form a high strength unique credential that is tightly associated with the user or organization in question and that is used to perform secure operations such as encryption or signing.” Read our whitepaper, “Securing Your PKI” for an in-depth discussion.


Organizations deploying internal public key infrastructures (PKIs) have the flexibility to define the security models that fit their specific needs, but they face a number of PKI management challenges when it comes to defining, maintaining and securing their PKI

Theft of CA signing private keys or root keys enables bogus certificates to be issued and any suspicion of compromise may force re-issuance of some or all of the previously issued certificates.

Weak controls over the use of signing keys can enable the CA to be misused, even if the keys themselves are not compromised. Theft or misuse of keys associated with online certificate validation processes can be used to subvert revocation processes and enable malicious use of revoked certificates.

As new applications are brought on line, not attending to the performance aspects of signing activities associated with issuance and validation checking can result in significant business impact.


Products and services from Dymar can help to ensure the integrity, performance and manageability of your PKI. By securing the process of issuing certificates and proactively managing signing keys, you prevent their loss or theft, thereby creating a high-assurance foundation for digital security.

When you add nShield Hardware Security Modules (HSMs) to your PKI, you are deploying independently certified, tamper-resistant devices that are used to secure some of the most sensitive keys and business processes in the organization—a widely recognized PKI best practice.

Thales performs interoperability testing with leading PKI vendors and publishes comprehensive white papers and integration guides to help your organization understand key security considerations and to accelerate deployment and minimize risk. By taking advantage of products, expertise, and services from Thales, you will be able to operate PKIs confidently across your enterprise.


  • Take advantage of easily deployed and independently certified security for all high assurance key management and certificate issuance processes.
  • Offload cryptographic processing to accelerate CPU intensive signing operations, boosting performance and enabling applications and business processes to scale.
  • Eliminate risky manual key management processes.
  • Through tightly enforced key management policies, simplify the task of demonstrating compliance and responding to forensic and auditing requests.
  • Choose from a wide range of HSM form factors and performance ratings to suit various deployment scenarios ranging from large enterprise PKIs to localized or application specific CAs.

Related Resources

Research and Whitepapers : Protecting Sensitive Data In and Around a Microsoft SQL Server Database

The Protecting Sensitive Data In and Around a SQL Server Database technical white paper provides an overview of the sensitive files in and around the Microsoft SQL Server database that enterprises need to secure in order to achieve optimal database security.


Data Sheets : Vormetric Data Security Platform

The Vormetric Data Security Platform makes it efficient to manage data-at-rest security across your entire organization. Built on an extensible infrastructure, Vormetric Data Security Platform products can be deployed individually, while sharing efficient, centralized key management


Solution Briefs : Vormetric Transparent Encryption

Vormetric Transparent Encryption delivers data-at-rest encryption, privileged user access controls and security intelligence logs to proactively meet compliance reporting requirements for structured databases and unstructured files. With Vormetric Transparent Encryption, IT and security professionals can efficiently safeguard more data, in more environments, and against more threats as sensitive data moves into cloud deployments, big data platforms, virtualized systems and more.