The Database Encryption add-on delivers support for project-level encryption for the production survey database (data-at-rest encryption).

The add-on applies encryption to the project's production database only; the test database, system databases and the multimode databases are not encrypted. The company shared database used for Express projects, and the company shared database used for shared projects, will assume the setting is in use when the databases are created for the first time.

The encryption is delivered through SQL Server TDE (Transparent Data Encryption) using a secure certificate deployed on the encryption-enabled SQL Server database instance(s). Encryption can only be applied at the database creation stage, and it cannot be changed when a survey is re-launched unless a new DB is being created.

When the add-on is activated for your company, the Security tab in the Admin > Accounts > Companies page includes the Enforce db encryption checkbox (go to Security for more information). Check this box to enforce encryption for all new databases for projects administered by your company. Note that this action is not retro-active and will only apply to new databases; pre-existing databases will not be encrypted. If you want the databases to be encrypted for existing company projects, the projects must be re-launched and new databases must be created.

When the add-on is activated for the company and the Enforce db encryption check-box is not checked, then an optional setting for selecting encryption for a project's database is visible to the project author on the Project Overview page and the Survey Launch page. Again, this can only be applied to new databases; if the author wants to encrypt the database for an existing project, the project must be re-launched and a new database must be created.

Encryption is essentially transparent to survey authors apart from the setting itself; data viewing, editing, importing, exporting etc. remains unchanged. It is also transparent to respondents.

Testing has shown the encryption overhead to be negligible, but it does introduce more load onto the SQL Server instance than for unencrypted project databases. Note that during back-up, un-encrypted databases are compressed to save space before the back-up is taken. However encrypted databases cannot be compressed, so the space required for backups of encrypted databases can be significantly greater than for the unencrypted version.

Database Encryption is available as a licensable add-on for On-Premise customers, however SQL Server TDE is only available in Enterprise edition SQL Server.