Re: Enquiry about TDE with PgSQL - Mailing list pgsql-general

From Christophe Pettus
Subject Re: Enquiry about TDE with PgSQL
Date
Msg-id 3DC589BC-A5F6-49BC-BFFC-F1FCB0FF7E95@thebuild.com
In response to RE: Enquiry about TDE with PgSQL  ("Clay Jackson (cjackson)" <Clay.Jackson@quest.com>)
Responses Re: Enquiry about TDE with PgSQL
List pgsql-general
On Oct 31, 2025, at 17:24, Clay Jackson (cjackson) <Clay.Jackson@quest.com> wrote:
>
> I can't disagree - but the question then becomes, as Markus and others have pointed out; would that allow a customer/user to check the "Encryption" box for PCI or any other "compliance review"

The answer is: it depends (doesn't it always?).  Doing secure column-level encryption meets the PCI standard, and a competent PCI auditor will know that.  However, TDE has this cachet as being "the way one does it," and if the organization is that way, it's hard to move them off of it.

As a sign of how the PCI world views TDE, at least one of the major credit card associations does not use it, and they have literally everyone's credit card number, with expiration date and CVV, sitting on their disks.

