• I think that we can rule out TDE in your case, as it will make data visible to someone who has login permissions. Encrypting columns will work but there could be a performance hit (and I've always found it a pain to put together).

    Can the application encrypt the data? There are a lot of security assemblies available... and this seems to fit your requirements.