This chapter looked at database cryptography as a hardening solution to what is often referred to as the "soft, chewy center" of most organizations. This hardening is the last line of defense between data and attackers.
The chapter opened with introductory coverage of databases and cryptography. The cryptographic overage included symmetric cryptography, asymmetric (or public-key) cryptography, and cryptographic hashing. While the material certainly won’t turn you into a database expert or cryptographer, it should provide enough background for you to follow the rest of the book.
With the introductory material out of the way, the discussion turned to examining, at a high level, how cryptography can be applied to protect the confidentiality and integrity threats identified in the previous chapter. Confirming the principle that security is always a balance of trade-offs, the risks of attacks against a database cryptosystem were considered. In particular, we explored the idea that encryption turns the problem of protecting the confidentiality of a large quantity of business data into the problem of protecting a small set of keys.
This chapter also discussed obfuscation, the purposeful use of poor key protection to obtain a minimal amount of data security, and transparent encryption, the problematic technique of automatically decrypting information for any "legitimate" user.
This chapter hopefully provided a taste of what cryptography can and cannot do. With the promise and limits of cryptography covered, we now move on to exploring the details of a functioning cryptosystem.