If your data is encrypted both when it’s stored in databases and when it travels from place to place, you might think you’ve got all your bases covered. But that still leaves one big blind spot in your data center security strategy: to use the data, you have to decrypt it, which creates a window for attackers to grab it right out of memory.
Multiple ways to address this have emerged, but only one has proven to be practical and has been gaining popularity among data center operators. Similar to the way smartphones store your most sensitive personal data, the approach is to never expose select sensitive application data to the host operating system in unencrypted state at all.
Read full article at Data Center Knowledge.