Comment Re:THIS IS A FARCE (Score 2, Insightful) 510
Simple solution. Encrypt the sensitive information before storing it in the database. Leave all of the other information unencrypted. You don't need to search by the sensitive fields anyway, so the inability to index them doesn't matter.
Use filesystem/os level support for locking down the key on the system that needs to be able to decrypt it so that only the account/application authorized to access it can. That limits the vulnerabilities a single system. Even once on that system it is limited to "root" and the actual application.
Now you may safely let any number of insecure systems query your database. You can use trivial database backup schemes with no additional encryption. You don't need to worry about the physical security of those backups. Since you only need to backup the key when you first generate it, there is never any danger of the key and backup data being lost together in transit.
There is no speed penalty anywhere in the system except the sensitive parts.