Data encryption for SQL Database Server should be enabled

Docs > Datadog Security > OOTB Rules > Data encryption for SQL Database Server should be enabled

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

By default, Transparent Data Encryption (TDE) is enabled on every SQL Server, ensuring real-time encryption and decryption of the database, backups, and transaction log files at rest. TDE helps protect against malicious activities without requiring any changes to the application. It is important to note that TDE can be enabled or disabled on an individual SQL Database level and not on the SQL Server level.

Remediation

From the console

Go to SQL databases.
For each DB instance, select Transparent data encryption.
Set Data encryption to On.