SharePoint, TDE, & RBS

SharePoint, Transparent Data Encryption (TDE) and Remote BLOB Store (RBS)

SharePoint 2010 introduced many significant changes, including more flexibility in the choice of storage mechanism. SharePoint 2010 supports a set of standardized APIs that allow binary large objects (BLOBs) to be kept in a remote BLOB store, or RBS. Using RBS as a storage mechanism within your SharePoint farm architecture lets SharePoint architects address the scalability and performance issues associated with large SQL databases. With RBS, files and unstructured content are moved out of the SQL databases, while the metadata needed to manage that content remains in the SQL databases.

RBS is catching on in the SharePoint world. A recent study by Enterprise Strategy Group found that 30% of SharePoint users had content databases with 1TB to 5TB of data, 10% had 6TB to 9TB, and 19% had 10 TB or more in their SharePoint content databases. The explosive growth in unstructured data being stored in SharePoint is pushing organizations to aggressively explore ways to maintain performance. The same study found that among SharePoint installations with large amounts of content (5TB or more), 17% of sites are presently using RBS technology, and another 46% are planning to move to RBS.

If your organization intends to use RBS to optimize performance for your SharePoint farm, you may be wondering how to maintain the security of the information as you move to RBS. Microsoft's SQL encryption offering (transparent data encryption, or TDE) is only available for SQL Server: it protects the database files themselves, not the files that RBS has moved out of the database into RBS storage.
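A quick way to see this coverage gap in a farm, as an added example that is not part of the original article and not CipherPoint's code: list every SharePoint content database with its RBS state and its TDE state, so databases whose BLOBs now sit outside TDE stand out. It assumes it runs on a SharePoint 2010 server as a farm administrator whose Windows account can also query the SQL instance (VIEW SERVER STATE is needed to read the encryption DMV).

```powershell
# Added example (not from the article or from CipherPoint). Reports, per content
# database, whether RBS is enabled and whether SQL Server TDE is active, and
# flags the combination where TDE no longer covers the externalized BLOBs.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-TdeState([string]$DataSource, [string]$Database) {
    # sys.dm_database_encryption_keys: encryption_state 3 = fully encrypted.
    # A database with no row there has never had TDE enabled; report 0.
    $conn = New-Object System.Data.SqlClient.SqlConnection(
        "Server=$DataSource;Database=master;Integrated Security=True")
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = "SELECT encryption_state " +
        "FROM sys.dm_database_encryption_keys WHERE database_id = DB_ID(@db)"
    [void]$cmd.Parameters.AddWithValue("@db", $Database)
    $conn.Open()
    try { $state = $cmd.ExecuteScalar() } finally { $conn.Close() }
    if ($null -eq $state -or $state -is [System.DBNull]) { return 0 }
    return [int]$state
}

foreach ($cdb in Get-SPContentDatabase) {
    $rbs = $cdb.RemoteBlobStorageSettings          # SPRemoteBlobStorageSettings
    $tde = Get-TdeState -DataSource $cdb.NormalizedDataSource -Database $cdb.Name
    $tdeOn = ($tde -eq 3)
    New-Object PSObject -Property @{
        ContentDatabase  = $cdb.Name
        RbsEnabled       = $rbs.Enabled
        RbsProvider      = $rbs.ActiveProviderName
        TdeEncrypted     = $tdeOn
        # Metadata is encrypted by TDE, but the file content is not.
        BlobsOutsideTde  = ($tdeOn -and $rbs.Enabled)
        # TDE is not protecting this database at all.
        NoEncryptionAtRest = (-not $tdeOn)
    }
}
```

Run it before and after enabling RBS on a content database; any row with BlobsOutsideTde set to True is content that TDE protected yesterday and does not protect today.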

The solution is to use a transparent data encryption technology that is independent of the backend storage mechanism, such as CipherPoint's encryption for SharePoint, CipherPointSP Enterprise. Because CipherPoint is installed on the web front end and encrypts content there, before it reaches the storage tier, it transparently encrypts data for all SharePoint storage architectures, including SQL, RBS, and iSCSI, SAN and local disks reached through the RBS provider client mechanism. In addition, CipherPoint's technology delivers truly effective insider threat protection. Encryption technologies that operate at the disk or media level are ineffective against insider threats, because anyone with legitimate access to the database or file system still sees the data in the clear.

Adopting an approach like this early in the design of your SharePoint architecture enables you to secure sensitive information stored in SQL databases today, while leaving you free to move to RBS later without replacing your content protection mechanism.