All SQL Server backups are made using transparent data encryption (TDE). The backup process involves first performing a backup to disk storage then copying the disk backup files to tape and storing the tapes at offsite facility. A courier service picks up each night’s backup tapes every morning. This morning, shortly after the courier picked up the tapes at your facility, the courier’s van was stolen. Upper management is concerned that the thief who now has your backup tapes can read highly confidential information from these tapes. What should you tell upper management?

All SQL Server backups are made using transparent data encryption (TDE). The backup process involves first performing a backup to disk storage then copying the disk backup files to tape and storing the tapes at offsite facility. A courier service picks up each night’s backup tapes every morning. This morning, shortly after the courier picked up the tapes at your facility, the courier’s van was stolen. Upper management is concerned that the thief who now has your backup tapes can read highly confidential information from these tapes. What should you tell upper management?

All SQL Server backups are made using transparent data encryption (TDE). The backup process involves first performing a backup to disk storage then copying the disk backup files to tape and storing the tapes at offsite facility. A courier service picks up each night’s backup tapes every morning. This morning, shortly after the courier picked up the tapes at your facility, the courier’s van was stolen. Upper management is concerned that the thief who now has your backup tapes can read highly confidential information from these tapes. What should you tell upper management?


Answer: – The thief might be able to read he files on the tapes but transparent data encryption will prevent the thief from making any sense out of the data.

(The thief can perhaps find a way to read the backup tapes, however the contents of each backup file are still encrypted with transparent data encryption (TDE). This encryption cannot be removed by copying the backup files. Without the certificate and database encryption key used to set up TDE, the data will not be readable as meaningful data. Any SQL Server instance created would need this certificate and master key to access the data through TDE.)