In my hometown of Indianapolis the winter weather can get very cold. Earlier this season we had a day where the temperature dropped to -12 degrees Fahrenheit. The strategy employed when voyaging out into the frozen tundra is to dress in layers. By dressing in layers you add protection between your delicate flesh and the harsh, frigid air. If the layers are insufficient, the protection is breached and you suffer the wrath of frostbite.
The strategic approach to protecting your sensitive data is very similar to managing your winter outings. Any single security effort, be it encryption, hashing, encoding, role-based permissions, or management policies, will fall short in the protection of sensitive data. The donning of multiple security measures reduces the occurrence of an unauthorized disclosure attempt.
When selecting the security features to apply, it is important to understand the intended role of each feature. Every feature has its strengths, its vulnerabilities, and a specific role to fill in the security strategy. None provides an all-encompassing security solution.
I recently gave a presentation on the topic of Transparent Data Encryption (TDE). A large part of the Q/A portion of the evening was spent discussing the intended role of TDE. At a base level, TDE is intended to protect the physical files (data file, transaction logs, and backup files) of the database. When a TDE-protected database is active on a server, protecting its data is beyond the scope of that feature. When a TDE-protected database is placed upon a backup device or media, the power of this feature shines.
The combination of TDE and other features, such as cell-level encryption or one-way encryption, is a greater solution than either option in solitude. Sensitive data protection at the database as well as at the user interface is greater still.
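
The layering described above, as an added example that is not part of the original post. It assumes Microsoft SQL Server (T-SQL run through sqlcmd or SSMS); the database, certificate, key, and table names, the file paths, and the passwords are hypothetical placeholders, and the card number is a constructed sample value.

```sql
-- Layer 1: TDE encrypts the physical files (data, log, backups).
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-master-key-password>';
CREATE CERTIFICATE TdeCert WITH SUBJECT = 'TDE certificate (example)';
-- Keep a copy of the certificate and private key off the server;
-- without them a TDE-protected backup cannot be restored elsewhere.
BACKUP CERTIFICATE TdeCert TO FILE = 'C:\keys\TdeCert.cer'
    WITH PRIVATE KEY (FILE = 'C:\keys\TdeCert.pvk',
                      ENCRYPTION BY PASSWORD = '<placeholder-pvk-password>');
GO
USE SalesDemo;
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
GO
ALTER DATABASE SalesDemo SET ENCRYPTION ON;
GO
-- Check: encryption_state = 3 means the database files are encrypted.
SELECT DB_NAME(database_id) AS database_name, encryption_state
FROM sys.dm_database_encryption_keys;
GO

-- Layer 2: cell-level encryption protects the value while the database
-- is online, which is where TDE alone offers nothing.
USE SalesDemo;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-db-key-password>';
CREATE CERTIFICATE CellCert WITH SUBJECT = 'Cell-level certificate (example)';
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CellCert;
CREATE TABLE dbo.Customer (
    CustomerId    int IDENTITY PRIMARY KEY,
    CardNumberEnc varbinary(256) NOT NULL
);
GO
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CellCert;
INSERT INTO dbo.Customer (CardNumberEnc)
VALUES (ENCRYPTBYKEY(KEY_GUID('CardKey'), N'4111-1111-1111-1111')); -- constructed value
-- With the key open, the plaintext is recoverable.
SELECT CustomerId,
       CONVERT(nvarchar(32), DECRYPTBYKEY(CardNumberEnc)) AS CardNumber
FROM dbo.Customer;
CLOSE SYMMETRIC KEY CardKey;
-- With the key closed, DECRYPTBYKEY returns NULL even though the
-- database is online and TDE has already decrypted the page.
SELECT CustomerId, DECRYPTBYKEY(CardNumberEnc) AS CardNumber
FROM dbo.Customer;
GO
```

Restricting which logins may open `CardKey` (permissions on the key and on `CellCert`) is what ties the cell-level layer to the role-based permissions mentioned earlier.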