Data encryption for SQL Database Server should be enabled

Description

By default, Transparent Data Encryption (TDE) is enabled on every SQL Server. It encrypts and decrypts the database, backups, and transaction log files at rest in real time, and helps protect against malicious activities without requiring any changes to the application. Note that TDE is enabled or disabled at the individual SQL Database level, not at the SQL Server level.

Remediation

From the console

  1. Go to SQL databases.
  2. For each DB instance, select Transparent data encryption.
  3. Set Data encryption to On.
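
The same check and remediation can be scripted with Azure CLI. The script below is an added example, not part of the original page: it lists databases whose TDE state is not Enabled and, with --fix, turns encryption on for them. It assumes Azure CLI is installed and logged in; the server and database names in the sample inventory are constructed, and reading the result as `state || status` is an assumption to cover differing CLI versions.

```shell
#!/usr/bin/env bash
# Added example: audit (and optionally fix) TDE on Azure SQL databases.
# Records are tab-separated: server, resource group, database, TDE state.
TAB="$(printf '\t')"

# Constructed sample inventory (hypothetical names) for an offline dry run.
sample_inventory() {
  printf 'sql-prod\trg-data\tmaster\t\n'
  printf 'sql-prod\trg-data\torders\tEnabled\n'
  printf 'sql-prod\trg-data\tlegacy\tDisabled\n'
  printf 'sql-dev\trg-dev\tscratch\tDisabled\n'
}

# Live inventory: one record per database in the current subscription.
# Assumption: the state field is named "state" or "status" depending on
# the CLI version, so the query asks for whichever is present.
live_inventory() {
  az sql server list --query '[].[name, resourceGroup]' -o tsv |
  while IFS="$TAB" read -r server rg; do
    az sql db list --resource-group "$rg" --server "$server" \
       --query '[].name' -o tsv </dev/null |
    while read -r db; do
      state=$(az sql db tde show --resource-group "$rg" --server "$server" \
                --database "$db" --query 'state || status' -o tsv \
                </dev/null 2>/dev/null)
      printf '%s\t%s\t%s\t%s\n' "$server" "$rg" "$db" "$state"
    done
  done
}

# Keep records whose state is not Enabled (an empty state fails closed).
# The logical master database is skipped: TDE cannot be set on it.
tde_noncompliant() {
  awk -F'\t' '$3 != "master" && $4 != "Enabled"'
}

# Remediate: the CLI equivalent of setting "Data encryption" to On.
tde_enable_all() {
  while IFS="$TAB" read -r server rg db _; do
    az sql db tde set --resource-group "$rg" --server "$server" \
       --database "$db" --status Enabled </dev/null
  done
}

case "${1:-}" in
  --live) live_inventory | tde_noncompliant ;;
  --fix)  live_inventory | tde_noncompliant | tde_enable_all ;;
  *)      sample_inventory | tde_noncompliant ;;
esac
```

Run with no arguments for the offline dry run, with --live to report non-compliant databases, and with --fix to enable TDE on each of them.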