This feature is very close to TDE, but there is a difference: TDE is a transparent process. Data is encrypted on the fly as it is written to the database and decrypted on the way out. But what if we don't want to encrypt the whole database? Encryption is a CPU-intensive task: data needs to be encrypted and decrypted all the time. With a large number of user requests, this can become an issue if we don't scale our hardware to keep up with this security feature.
In some business scenarios, we only need to worry about the security of backup files. TDE handles this part as well, but it requires turning TDE on. Backup encryption solves this problem in that SQL Server encrypts only the backup files, after the backup procedure. So if anyone gets their hands on the backup files, they will be useless without the corresponding keys.
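The same dependency on keys applies to the owner of the backups, so it is worth checking which backups are actually encrypted and whether the protecting certificate can be recovered. The query below is an added example, not part of the original text; it reads the backup history in `msdb` and the certificates in `master`, and the 30-day window is an assumption to adjust.

```sql
-- Added example: audit recent backups for encryption and key recoverability.
-- Assumes SQL Server 2014 or later (the encryption columns in msdb.dbo.backupset)
-- and a 30-day review window.
SELECT
    bs.database_name,
    bs.backup_finish_date,
    CASE bs.type
        WHEN 'D' THEN 'full'
        WHEN 'I' THEN 'differential'
        WHEN 'L' THEN 'log'
        ELSE bs.type
    END                          AS backup_type,
    bmf.physical_device_name,
    bs.key_algorithm,            -- NULL when the backup is not encrypted
    bs.encryptor_type,
    c.name                       AS certificate_name,
    c.expiry_date                AS certificate_expiry,
    c.pvt_key_last_backup_date,  -- NULL when the private key was never exported
    CASE
        WHEN bs.encryptor_thumbprint IS NULL
            THEN 'NOT ENCRYPTED: file is readable by anyone who obtains it'
        WHEN c.thumbprint IS NULL
            THEN 'No matching certificate in master (asymmetric key encryptor, or certificate missing)'
        WHEN c.pvt_key_last_backup_date IS NULL
            THEN 'Certificate private key never backed up: losing this server loses the backups'
        ELSE 'OK'
    END                          AS finding
FROM msdb.dbo.backupset AS bs
JOIN msdb.dbo.backupmediafamily AS bmf
    ON bmf.media_set_id = bs.media_set_id
LEFT JOIN master.sys.certificates AS c
    ON c.thumbprint = bs.encryptor_thumbprint   -- links a backup to its certificate
WHERE bs.backup_finish_date >= DATEADD(DAY, -30, GETDATE())
ORDER BY bs.backup_finish_date DESC;
```

Any row whose finding is not `OK` is either a backup that offers no protection if the file is taken, or one that may not be restorable on another server.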
In the following steps, we'll create a backup certificate,...