SAP Adaptive Server Enterprise - Encrypted Columns Option
SAP ASE increases security parameters and allows for addition of datatypes and facilitates the design of an encryption scheme for a secure server.
Column-level encryption is applied in Sybase Adaptive Server Enterprise Encrypted Columns Option. The server may contain one encryption key for the server, one per database, one per column or any combination thereof. ASE uses a symmetric encryption algorithm, which means that the same encryption key is used for both encryption and decryption.
ASE uses the system encryption password (set up by the Key Custodian) in conjunction with random values to generate a 128-bit key-encryption key (KEK). The KEK is in turn used to encrypt (prior to storage) all of the CEKs you create.
Encrypting in a database other than the secure database provides an additional layer of security. If the database dump file is ever stolen, the encryption key is nowhere to be found. In addition, the administrator or operator can password protect the database dump, making things that much harder for a hacker. Storing keys in a different database mandates synchronization of database dumps.
Encryption is CPU-intensive, which will vary based upon the number of CPUs, ASE engines, system load, concurrent sessions, encryption per session, encryption key size and length of data. The larger the key size and the wider the data, the higher CPU utilization will be. Therefore only encrypt columns that require the extra security.