Queryable Encryption & Client-Side Field Level Encryption

Hi Kim and thank you for your question.

You are correct that in the current Public Preview the difference between the two is how the data is encrypted. To make a field queryable on an exact match in Client-Side Field Level Encryption, we use deterministic encryption. Deterministic encryption is strong encryption for most data, but if you have fields that are low cardinality, meaning very few possible values, it can be subject to inference attacks. With Queryable Encryption the data is always encrypted randomly, so it is not subject to those same inference attacks on low cardinality data, and you can still run an exact match query. The Public Preview of Queryable Encryption is our first release and only supports exact matches right now, but additional querying capabilities - ranges, prefix, suffix and substring - are planned in the near future.

So to recap -

  • Both solutions provide full, end-to-end protection of the data
  • Client-Side Field Level Encryption supports exact match queries using deterministic encryption
  • Queryable Encryption supports, or is planned to support in the future, exact match (equality), range, prefix, suffix and substring queries on randomly encrypted data

I hope that helps and keep an eye out for announcements of those new features.

Cynthia

4 Likes
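An added illustration, not part of the original post and not MongoDB's actual algorithms, of why deterministic encryption exposes low cardinality fields while randomized encryption does not. A toy standard-library cipher stands in for both modes, and the key, function names and sample column are constructed for the demo.

```python
import hashlib
import hmac
import os
from collections import Counter

KEY = os.urandom(32)  # constructed demo key, not a real data key

def _keystream(key, iv, n):
    # Toy keystream (HMAC-SHA256 in counter mode); illustration only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key, plaintext, deterministic):
    # Deterministic mode derives the IV from the plaintext, so equal values
    # always produce equal ciphertexts (this is what makes equality queries
    # possible). Randomized mode draws a fresh IV for every value.
    if deterministic:
        iv = hmac.new(key, b"iv" + plaintext, hashlib.sha256).digest()[:16]
    else:
        iv = os.urandom(16)
    stream = _keystream(key, iv, len(plaintext))
    return iv + bytes(a ^ b for a, b in zip(plaintext, stream))

def decrypt(key, ciphertext):
    iv, body = ciphertext[:16], ciphertext[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, iv, len(body))))

def ciphertext_profile(values, deterministic, key=KEY):
    # What someone holding only the stored ciphertexts can count:
    # how often each distinct ciphertext occurs, most frequent first.
    stored = [encrypt(key, v.encode(), deterministic) for v in values]
    return sorted(Counter(stored).values(), reverse=True)

# Constructed low cardinality column: 100 records, 8 possible values.
BLOOD_TYPES = (["O+"] * 38 + ["A+"] * 34 + ["B+"] * 9 + ["O-"] * 7 +
               ["A-"] * 6 + ["AB+"] * 3 + ["B-"] * 2 + ["AB-"] * 1)

if __name__ == "__main__":
    print("plaintext    :", sorted(Counter(BLOOD_TYPES).values(), reverse=True))
    print("deterministic:", ciphertext_profile(BLOOD_TYPES, True))
    print("randomized   :", ciphertext_profile(BLOOD_TYPES, False))
```

The deterministic profile matches the plaintext frequency distribution exactly, which is the signal an inference attack relies on; a quick distinct-value count like this is a reasonable check before choosing deterministic encryption for a field.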