Sensitive data stored in relational databases is often protected with encryption technologies. Typically, database encryption is performed on the database-side or on the user application-side, both of which have pros and cons. Database-side encryption cannot prevent a rogue database administrator (“DBA”) from compromising data security. This is particularly true as database solutions move toward a cloud-based service model in which database servers are hosted in large cloud computing networks instead of in the database owner's own network. User application-side encryption places the responsibility of properly utilizing encryption technologies on the database users. Moreover, user application-side encryption only permits data to be decrypted by the data owner and user(s) with whom the data owner shares the encryption key. Data is more secure when user application-side encryption is used.
Although user application-side encryption provides better security over database-side encryption, the extra security benefit provided by user application-side encryption is countered by several problems. One problem is that data encryption and decryption are both computationally intensive. This is particularly problematic for lightweight computing devices, such as smartphones, laptops, and tablets. Another problem is that database users have to learn to encrypt and decrypt data using the appropriate library. This introduces a steep technical learning curve and can be a major obstacle for people who usually run only a few Structured Query Language (“SQL”) query commands to access data. Encryption key management also presents a problem for database users. The database owner desires to share his or her data with other people in a secure and easy way. The methodology to do so is not standardized, and thus the data owner must define and design their own encryption key management scheme. This can be difficult, costly, and time-consuming for the database owner. In user application-side encryption schemes, the data is encrypted prior to being stored in the database, and therefore indexing is unavailable for the encrypted data, resulting in serious performance degradation for data access.