Database encryption is a great stuff, but need to bare below things in mind...
- Changing the encryption key requires that TLS/SSL be configured on the Microsoft Dynamics CRM website.
- To help ensure the highest level of security, we recommend that you change the encryption key immediately after creating or updating an organization, and thereafter about once a year.
- Auditing cannot be enabled on encrypted fields.
- Encrypted fields cannot be customized.
- Encrypted fields cannot be indexed.
- Encrypted fields can be set and updated by using standard Create, Update, and Delete methods.
- When doing a retrieve of an encrypted field’s value, a null is returned.