This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 17%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECG%3C/text%3E%3C/svg%3E)
Hello, I am looking for clarification or expert advice regarding data at rest. I believe I understand the meaning but when it applies to an SQL database how are we to determine what is at rest. Would it be advised to encrypt all data on the database whether in use or at rest?
Thank you
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 1%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETP%3C/text%3E%3C/svg%3E)
"at rest" means files on the hard drive.
If someone has access to the hard drive, they could see the data and/or copy the files to another location. If your servers are secure, and there is not a regulatory reason, I would not recommend it.
Thank you for the quick response.
My impression is that since the SQL database is always in use and never at rest (unless on the weekends when no one is accessing it) why implement encryption. I thought it would be required for archived data for example. Difficult to determine what could be at rest at times. If there was a compromise and someone copies the database to another location. They would still need the SA login to see the data.
What do you think?
"at rest" does not mean "idle". In this context, it means data stored on the hard drive or other media.
There are several industries, which require all or some data stored on the hard drive to be encrypted. That way if someone accesses the physical hardware, the data is still encrypted. It also hides the data from "server admins".
I see, so in my case I have an sql server housed at a server farm. The hardware belongs to this third party vendor and they have access to it physically.
Would the data still need to be encrypted in your opinion?
Thank you
in my case I have an sql server housed at a server farm. The hardware belongs to this third party vendor and they have access to it physically.
Would the data still need to be encrypted in your opinion?
This is all the more reason to encrypt data at rest. Consider the storage will eventually reach end-of-life. Storage encryption will provide an extra measure of data protection should the hardware not be properly disposed.