Database encryption protects sensitive information by scrambling the data when it’s stored, or, as it has become popular to say, “is at rest.”
There are several methods to generate and apply secret codes, but the end result is to make the data unusable in case an attacker manages to evade the standard defenses and gain direct access to the raw bits inside.
- Complete secrecy — The database and all of its contents are locked up to prevent access.
- Partial secrecy — Some of the columns are scrambled to prevent disclosure, but others are left open. All regular operations on the open columns or fields work quickly without impediment, and only the queries accessing the scrambled columns are limited.
- Audit trails — Digital signatures or hash functions can be used to track changes and connect them to the users who authorized them.
- Client-side secrecy — The data is scrambled on the user’s computer before it is given to the database for storage. Often the database or any other code running on the server can’t get access to the information.
- Homomorphic secrecy — Sophisticated mathematical transformations make it possible to analyze the data without unscrambling it.
- Hardware-level secrecy — Some applications rely on encryption built into the underlying hardware, such as the disk drives.
The encryption process is a close cousin to the mathematical assurance that makes up the foundation of ledger or blockchain databases. The digital signature algorithms used to authorize and guarantee the changes to the ledgers are often developed and supported by the same libraries. While blockchain databases do not necessarily offer privacy — indeed, all transactions are public — they are often categorized similarly.
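The audit-trail item in the list above and the ledger comparison can be shown together in one added example (not code from the original article): each row's hash covers the previous row's hash, and a keyed tag ties the change to the user who authorized it. The table layout, function names and demo keys are assumptions, and HMAC stands in here for the digital signatures a production ledger would use.

```python
import hashlib
import hmac
import sqlite3

# Constructed per-user keys (assumption: a real system would keep keys in a
# KMS or use asymmetric signatures rather than literals in code).
USER_KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}
GENESIS = "0" * 64


def digest(prev_hash, actor, detail):
    # Length-prefix each field so field boundaries cannot be shifted.
    parts = (prev_hash.encode(), actor.encode(), detail.encode())
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hashlib.sha256(data).hexdigest()


def open_log():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE audit (id INTEGER PRIMARY KEY, actor TEXT, "
               "detail TEXT, prev_hash TEXT, entry_hash TEXT, tag TEXT)")
    return db


def append(db, actor, detail):
    row = db.execute(
        "SELECT entry_hash FROM audit ORDER BY id DESC LIMIT 1").fetchone()
    prev_hash = row[0] if row else GENESIS
    entry_hash = digest(prev_hash, actor, detail)
    # The tag binds the entry to the user who authorized the change.
    tag = hmac.new(USER_KEYS[actor], entry_hash.encode(), hashlib.sha256).hexdigest()
    db.execute("INSERT INTO audit (actor, detail, prev_hash, entry_hash, tag) "
               "VALUES (?, ?, ?, ?, ?)", (actor, detail, prev_hash, entry_hash, tag))


def verify(db):
    """Return the id of the first inconsistent row, or None if the chain is intact."""
    expected_prev = GENESIS
    rows = db.execute("SELECT id, actor, detail, prev_hash, entry_hash, tag "
                      "FROM audit ORDER BY id").fetchall()
    for rid, actor, detail, prev_hash, entry_hash, tag in rows:
        key = USER_KEYS.get(actor)
        good = key and hmac.new(key, entry_hash.encode(), hashlib.sha256).hexdigest()
        if (prev_hash != expected_prev
                or entry_hash != digest(prev_hash, actor, detail)
                or not good or not hmac.compare_digest(good, tag)):
            return rid
        expected_prev = entry_hash
    return None
```

Editing a row's text breaks its hash, and recomputing the hash without the user's key breaks the tag, so `verify` reports the first altered row in either case.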