What is Application Level Encryption
Application level encryption takes a different approach than the more commonly adopted data at rest encryption. Application encryption occurs within the designated application and as such, often requires more preparatory work before being able to be deployed. This means that data is encrypted before it reaches the database.
Application encryption requires some coding to fully integrate into the application. Also, an API can be utilised where available.
How does it work
Application encryption allows for the encryption of specific fields within the application. This means that more granular access controls can be applied to the data.
One of the benefits of application-level encryption is that if a hacker manages to successfully access the database support, they would also need to have access (and valid credentials) to the application that was used to encrypt the data. This, therefore, adds a layer of protection.
If there is a need for multiple applications to access the database, this will complicate the key management process. This will also potentially have an impact on the performance of the database and prevent analytics on the data.