Keep in mind, too, that encryption increases your data fields. To allow for this, increase the size of the field so the column is larger, and change the field type to accommodate the encrypted data. Numeric fields, then, would be changed to character fields large enough to store encrypted data.
And don't encrypt anything that doesn't need it. Encrypt a credit-card number, but don't bother encrypting your customer's first name.
If you run a high-volume database system, encryption and decryption may not bring it to its knees, but it might hurt performance. Ask your database vendor which encryption-acceleration tools work with its product. Many database-encryption vendors have relationships with acceleration-tool suppliers. Oracle's database, for instance, has a working relationship with nCipher.
Once you know which data to encrypt in your database, decide what to do with the encryption-decryption keys. Don't send your data over the network unencrypted if it's stored in your database in encrypted form. Anyone with access (legal or illicit) to your network can sniff the packets running over it and view your unencrypted data, defeating the purpose of encrypting your database.
This is why client applications should decrypt the data after they receive it from the database. That's the most secure place to handle encryption and decryption. But changing all your client applications usually isn't realistic. If you find that modifying your apps is not an option, look for a solution that allows for decryption on the database and protection of your data while on the network. Using SSL to communicate with your database will protect your data while it traverses the LAN. It's simple to implement, especially since you probably already use it for transmitting sensitive information over the Internet.
Each client with your homegrown apps should have a key to decrypt the data received from a database-query response. For externally developed applications, your best bet is to use stored procedures and views that decrypt and return the data. But even that might not be possible for all applications, because they're keyed to specific table/column combinations and can't be redirected to use queries and views. Whether you decrypt on the server or the client, the keys still must be stored somewhere.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
