I would think that you would be better off using native SQL security to restrict access to the data rather than attempting to encrypt it. I personally prefer to write stored procs that "wrap" my tables and then I grant exec privileges on the stored procs to the appropriate roles. This way, I don't have to grant select on the underlying tables to anyone.
Alternatively, you can grant select privileges to specific roles based on need. You may also grant the select privilege down to a particular column(s) of data.
Note that you could also get an SSL certificate and force encryption between the client and the host, but I'm not certain that this will help in your circumstance.
Originally Posted by jleb
Have you hugged your backup today?