Editorials

Encryption – Thoughts from The Cloud

Ben has been writing about encryption a bit, and of course if you head to the site, you can check out the ongoing series we’ve been doing that goes through all of the different aspects of controlling and encrypting your data. (Check it out here – it’s pretty comprehensive!)

One area that seems to still be a challenge is that of working with cloud providers for hosting your databases. This is definitely one area you want to pay very close attention to until they get it fully worked out. Specifically, depending on the provider you select, different encryption abilities will, or won’t, be available.

Keep in mind too that different types of encryption exist in terms of application and utility – there’s TDE (transparent data encryption), column-level encryption (also referred to as cell-level encryption) and even third-party utilities that let you encrypt data on a case-by-case basis. I’ve seen a few references to a given provider indicating that they support encryption, only to find out that it’s really just supporting a third-party tool.

I have nothing against third-party tools – nothing at all. The issue is that if you’re building out your systems to take advantage of both at-rest and in-transit encryption (or other types of encryption), you need to make sure that EACH of these is supported by your provider. You don’t want to start down the somewhat intricate cutover process to a provider only to find out that you won’t be able to protect your information as you need and want to.

Ask questions, lots of them. Ask about key management and whether they support key rotations for the data. Ask about encryption of data connections (SSL) and what’s supported there. You might ask too about what’s NOT supported, so you get a feel for whether they may be referencing something key (sorry) that you need in your implementation.

Things are absolutely getting better – and the issues will surely be resolved, but be informed about what’s supported and what’s not. Don’t be surprised and caught making compromises in your deployments. It’s just too important.