Encrypted databases in the cloud

Dolores Núñez

Applications that manage large data volumes require specific storage platforms capable of making persistent the generated and consumed information. In this context, databases are one of the most used storage systems, mainly due to their high versatility (allowing simple operations to complex data processing) and their proven performance.

Databases can be classified into relational and non-relational systems. In the one hand, relational databases or RDBMS (Relational Database Management System) maintain highly structured data and perform complex queries over them. In the other hand, non-relational or NoSQL databases (Not only SQL) give up certain features to provide a greater scalability and flexibility performing distributed reading and writing operations.

In some cases applications store sensitive data in untrusted environments as, for example, in the cloud. In scenarios where security and privacy are critical factors the use of tools to protect sensitive data is essential and the encryption becomes one of the most reliable techniques for protecting data.

However, the use of encryption in databases can prevent query execution. In relational databases, which allow a higher complexity on data processing, it is necessary to make a tradeoff between the complexity of the queries allowed and data security. Even though NoSQL databases offer a simpler frame to encrypt data, their capabilities may not be enough for many types of applications.

Thus, several efforts are being made to develop projects that combine both types of storage, in order to achieve more efficient and scalable systems. These projects share the same idea of creating new systems that combine the best of both paradigms.

The secure storage in untrusted environments is a research line with priority in Gradiant. The database encryptedDB is currently under development and it will allow storing data in the cloud in a secure, efficient and scalable manner. The system will rely on a hybrid storage scheme combining relational and non relational databases and different encryption techniques.

You can find more information about encriptedDB at