An organization typically stores a considerable amount of enterprise data, and data security and privacy during storage and communication are naturally a serious concern. For the sake of simplicity, a typical adversary is an entity, such as a person or a group of people, capable of intercepting and viewing at least a portion of the organization's data that is transmitted between the organization and its users or members.
Cloud computing environments pose additional challenges, such as when data is migrated from an on-premises computing system to a cloud database management system (DBMS). Some challenges relate to database encryption, where sensitive columns are encrypted before being stored in the cloud resource. Even assuming that the adversary cannot decipher any portion of the encrypted data without access to an appropriate encryption key, the encrypted data can still reveal information that compromises data security. For example, deterministic encryption schemes potentially allow an adversary to learn plaintext values using various surreptitious techniques. Conventional encryption schemes also make it difficult to perform computations without temporarily decrypting the data. These challenges make it difficult to provide a secure database-as-a-service paradigm in the cloud computing environment.
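The leakage described above can be measured on a single encrypted column. The following is an added example, not part of the original text: it assumes a toy stream cipher built from HMAC-SHA256 (standard library only, not a production scheme) and a constructed sample column, and compares what a reader of the stored column sees under deterministic and randomized encryption.

```python
import hashlib
import hmac
import os
from collections import Counter

def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Counter-mode keystream built from HMAC-SHA256 (toy stream cipher).
    blocks = (prf(key, iv + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(key: bytes, value: bytes, deterministic: bool) -> bytes:
    # Deterministic mode derives the IV from the value itself (SIV-style),
    # so equal plaintexts always produce equal ciphertexts.
    k_iv, k_enc = prf(key, b"iv"), prf(key, b"enc")
    iv = prf(k_iv, value)[:16] if deterministic else os.urandom(16)
    ks = keystream(k_enc, iv, len(value))
    return iv + bytes(p ^ k for p, k in zip(value, ks))

def decrypt(key: bytes, blob: bytes) -> bytes:
    iv, body = blob[:16], blob[16:]
    ks = keystream(prf(key, b"enc"), iv, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))

def leak_profile(cells) -> list:
    # Repetition counts visible to anyone who can read the stored column,
    # with or without the key.
    return sorted(Counter(cells).values(), reverse=True)

# Constructed sample column: 12 rows, 4 distinct values.
COLUMN = [b"flu"] * 6 + [b"asthma"] * 3 + [b"diabetes"] * 2 + [b"rare-condition"]
KEY = os.urandom(32)  # constructed demo key
DET = [encrypt(KEY, v, True) for v in COLUMN]
RND = [encrypt(KEY, v, False) for v in COLUMN]

if __name__ == "__main__":
    print("plaintext    :", leak_profile(COLUMN))
    print("deterministic:", leak_profile(DET))
    print("randomized   :", leak_profile(RND))
```

The deterministic column carries the same frequency histogram as the plaintext, while the randomized column shows every cell as unique; the toy cipher does not pad, so both variants still expose value lengths.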