I'm dealing with a fairly large table (several million rows) storing confidential data which requires encryption.
This data is also accessed by an application which needs to do partial searches using a "LIKE" as the filtering criteria to detect matches in the first few characters, for instance for Last Name.
As expected, decrypting this data for the whole table every time a search is performed takes longer than acceptable (even with a fairly powerful DB server).
For the business, having the data decrypted in memory would be an acceptable approach as long as it is never stored into disk, but as far as I know SQL Server does not have an option to do anything of the sort. Keeping it in global temp tables is not an option either because the data may likely be saved to disk into the temp DB and also because protecting data in the temp DB is even more difficult. We consider creating some objects using the CLR that could persist that data in memory for long periods of time (while it is actively used) and only have to regenerate it in the case that it is not used for an extended period (10 min or more), but then this brings other complexities and also will likely require the CLR to be set to run in unsafe mode, which is an option we cannot allow.
Are there other options to achieve this type of partial searches on encrypted columns?
Any valid suggestion will be greatly appreciated.