Why is whole database encryption faster than column encryption?
It seems counterintuitive. Why would performance when working with a wholly encrypted database be better than performance when working with just a few columns? That is because whole database encryption processing actually takes place between the SQL Server and file system layers. Since whole database encryption works at such a low level, it is very efficient. As a matter of fact, on a multi-processor machine, our clients have noted virtually no impact on performance when working with a wholly encrypted database. Since column encryption works within SQL Server itself, there is some performance impact, reported to be 5-6 percent slower accessing an encrypted column vs. a plaintext one. This performance impact is additive when accessing multiple encrypted columns at one time. As a general rule of thumb, because of the possible performance impact of column encryption, if more than 10 percent of the database needs to be encrypted, whole database encryption is recommended.
