We host several instances of our web application on four different servers. Two of the servers host the IIS/web portion of the application, the other two host the MSSQL databases. Each of our clients has an individual virtual directory in IIS and an individual database. Each database shares exactly the same schema.
Assume we're using asymmetric encryption. Should there be one master key-set used by all instances for encryption/decryption? One key-set per server? One per instance? One per field encrypted?
It seems that the most fine-grained approach would be the best security-wise (one per record?) but that seems a bit difficult to manage. What is the best practice here, or am I off the mark entirely?
I'll need to figure out how to store these keys as well, but I figure that's a separate question and may depend on the answer here.