• Boomer Humor Doomergod@lemmy.world
    9 hours ago

    A lot of times encryption “at rest” is just encrypting the partition the DB is sitting on. There are options for encrypting the database when it’s in use, but if you don’t set up the right access controls the on-the-fly decryption can have it show up as plaintext.

    The best option for this is to do the decryption/encryption in the application, so even if they get the DB credentials for the app user it’s still encrypted. One disadvantage is that you can’t do searches in the DB anymore.

    Of course, all of these are in increasing level of difficulty and adding them after the fact becomes a more daunting task the longer you put it off.
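
The application-level option from the comment above, as an added example that is not part of the original post: a field is encrypted before it reaches SQLite, so a query made with only the DB credentials returns ciphertext and a `LIKE` search finds nothing. The table, column and key names are assumptions, the HMAC-based cipher is a standard-library stand-in for a vetted AEAD such as AES-GCM, and the keyed-hash lookup column goes beyond the comment to show how exact-match search can be kept.

```python
import hashlib, hmac, os, sqlite3

# Constructed keys for the demo; the application holds them, the DB never does.
ENC_KEY, MAC_KEY, IDX_KEY = (os.urandom(32) for _ in range(3))

def _keystream(nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), stdlib only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(ENC_KEY, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(plaintext: str) -> bytes:
    data, nonce = plaintext.encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))
    tag = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ct + tag

def decrypt(blob: bytes) -> str:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct)))).decode()

def blind_index(value: str) -> bytes:
    # Keyed hash for exact-match lookup. It reveals which rows share a value,
    # and it cannot support substring or range queries.
    return hmac.new(IDX_KEY, value.lower().encode(), hashlib.sha256).digest()

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email BLOB, email_idx BLOB)")
    for email in ("alice@example.test", "bob@example.test"):  # constructed sample data
        db.execute("INSERT INTO users (email, email_idx) VALUES (?, ?)",
                   (encrypt(email), blind_index(email)))
    # What a client holding only the DB credentials gets back:
    raw = [row[0] for row in db.execute("SELECT email FROM users")]
    like_hits = db.execute("SELECT COUNT(*) FROM users WHERE email LIKE ?",
                           ("%alice%",)).fetchone()[0]
    # What the application, which holds the keys, can still do:
    row = db.execute("SELECT email FROM users WHERE email_idx = ?",
                     (blind_index("Alice@example.test"),)).fetchone()
    return raw, like_hits, decrypt(row[0])

if __name__ == "__main__":
    print(demo())
```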