Microsoft SQL Server Always Encrypted

This document provides information about configuring our HSMs with Microsoft SQL Server Always Encrypted by using {{futurex}} CNG libraries. For additional questions about your HSM, see the relevant administrator guide.

About Microsoft SQL Server Always Encrypted

The Microsoft SQL Server Always Encrypted feature ensures sensitive data remains encrypted both in transit and at rest, with encryption and decryption occurring on the client side. It uses a column master key (CMK) to protect the column encryption key (CEK), which encrypts the data in database columns. This approach keeps data encrypted even in memory, protecting it from high-privilege database users. Always Encrypted supports deterministic and randomized encryption, enabling secure operations while restricting certain SQL functionalities. It's ideal for protecting PII, financial data, and other confidential information, enhancing security and compliance.

Purpose of the integration

Through the {{futurex}} CNG library, Microsoft SQL Server can use a {{vectera}} HSM for key management and encryption acceleration. The HSM generates and stores the Microsoft SQL Always Encrypted column master key (CMK), protecting it from disclosure.

Guardian integration

The {{guard}} introduces mission-critical viability to core cryptographic infrastructure, including:

- Centralization of device management
- Elimination of points of failure
- Distribution of transaction loads
- Group-specific function blocking
- User-defined grouping systems

See the applicable guide in the {{futurex}} portal for configuring HSMs with the {{guard}}, including PKCS #11 and CNG configuration.
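
The Always Encrypted key hierarchy described above (a CMK reached through CNG that protects a CEK, with deterministic and randomized column encryption), shown as the T-SQL metadata it produces. This is an added example, not code from this guide: the names `CMK_HSM`, `CEK_Customers` and `dbo.Customers` are hypothetical, and the bracketed `KEY_PATH` parts are placeholders for values this page does not give.

```sql
-- Added example. CMK_HSM, CEK_Customers and dbo.Customers are hypothetical
-- names; the bracketed KEY_PATH parts are placeholders, not real values.

-- 1. CMK metadata. The database stores only a pointer to the key.
--    MSSQL_CNG_STORE tells the client driver to reach the key through CNG;
--    KEY_PATH has the form '<CNG provider name>/<key identifier>'.
CREATE COLUMN MASTER KEY CMK_HSM
WITH (
    KEY_STORE_PROVIDER_NAME = N'MSSQL_CNG_STORE',
    KEY_PATH = N'<CNG provider name>/<CMK key identifier>'
);

-- 2. CEK_Customers is assumed to exist already. Client tooling (SSMS or the
--    SqlServer PowerShell module) generates the CEK and has it wrapped under
--    CMK_HSM; SQL Server stores only the wrapped value.

-- 3. Columns encrypted with the CEK.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY(1,1) PRIMARY KEY,
    -- Deterministic: equal plaintexts give equal ciphertexts, so equality
    -- lookups and joins still work. Character columns need a BIN2 collation.
    SSN CHAR(11) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (
            COLUMN_ENCRYPTION_KEY = CEK_Customers,
            ENCRYPTION_TYPE = DETERMINISTIC,
            ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL,
    -- Randomized: ciphertext differs on every write, so the column cannot be
    -- searched or joined on, but equal values are not revealed as equal.
    BirthDate DATE
        ENCRYPTED WITH (
            COLUMN_ENCRYPTION_KEY = CEK_Customers,
            ENCRYPTION_TYPE = RANDOMIZED,
            ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL
);

-- 4. Check: the CMK should point at the CNG store, and each sensitive
--    column should report its encryption type and CEK.
SELECT name, key_store_provider_name, key_path
FROM sys.column_master_keys;

SELECT c.name AS column_name, c.encryption_type_desc, k.name AS cek_name
FROM sys.columns AS c
JOIN sys.column_encryption_keys AS k
  ON k.column_encryption_key_id = c.column_encryption_key_id
WHERE c.object_id = OBJECT_ID(N'dbo.Customers');
```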