Mysql – How to properly secure MySQL database

Tags: encryption, MySQL, mysql-5.1, Security

We have a web application based on the famous triad apache + php + mysql which we sell to our customers and gets installed on their servers.

Currently, we are using MySQL 5.1.41, which has only a single user registered, root, with its password and access allowed only from localhost.

The problem is, if someone creates their own MySQL installation and then copies our database from its original location to that independent installation, they would be able to access its content.

Is there a way to also prevent this kind of improper access to our webapp database? Can it be enforced MySQL-side, or must it be something in our own application?

Best Answer

I normally do not endorse any one specific product, but in this case I will make an exception.

I have personally evaluated a product called Gazzang. It can encrypt data in such a way that when transported to another server, the data is unreadable unless the encryption key is copied and verified on that external server. I have tried this and copied /var/lib/mysql to another server that did not have the encryption key. The only SQL command that worked with the database encrypted was SHOW DATABASES;. Nothing else worked.

There are some hoops to jump through to get an entire /var/lib/mysql folder encrypted. Once done, you never have to worry about data encryption. Perhaps you could start like this:

  • Install MySQL on a DB server
  • Apply Gazzang's ezncrypt program against the empty /var/lib/mysql
  • Load a mysqldump into it

The beautiful part of my evaluation was that the MySQL data was fully accessible by standard DB connections. Gazzang does not shield normal access protocols. You must take up responsibility for securing passwords.

EPILOGUE

As for the physical data itself, this worked during the 30-day evaluation. Please evaluate it for yourself. I will leave it to you to investigate production case studies on Gazzang.

UPDATE 2015-09-29 12:26 EDT

Cloudera purchased and deprecated Gazzang.

Cloudera Data Encryption is still available.
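As an added example (not part of the question or answer, and not Gazzang's or Cloudera's tooling): the MySQL-side option the asker raises became available natively as InnoDB tablespace encryption in MySQL 5.7.11 and later, not in the 5.1 branch discussed here. The schema name `app`, the table names and the keyring path are constructed for the illustration.

```sql
-- Prerequisite (my.cnf, MySQL 5.7.11+); the keyring must load before InnoDB:
--   [mysqld]
--   early-plugin-load=keyring_file.so
--   keyring_file_data=/var/lib/mysql-keyring/keyring   -- assumed path
--   innodb_file_per_table=ON                           -- default; required

-- 1. Confirm the keyring plugin is actually active before relying on it.
SELECT PLUGIN_NAME, PLUGIN_STATUS
  FROM INFORMATION_SCHEMA.PLUGINS
 WHERE PLUGIN_NAME LIKE 'keyring%';

-- 2. Encrypt a sensitive table at creation time (constructed schema).
CREATE TABLE app.customer_secret (
  customer_id INT UNSIGNED NOT NULL PRIMARY KEY,
  card_token  VARBINARY(64) NOT NULL
) ENGINE=InnoDB ENCRYPTION='Y';

-- 3. Bring an existing clear-text table under the same protection.
ALTER TABLE app.customer_profile ENCRYPTION='Y';

-- 4. Verify: list tables in the schema that are NOT marked encrypted.
--    The _Y_ pattern matches ENCRYPTION="Y" (5.7) and ENCRYPTION='Y' (8.0).
SELECT TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS
  FROM INFORMATION_SCHEMA.TABLES
 WHERE TABLE_SCHEMA = 'app'
   AND ENGINE = 'InnoDB'
   AND CREATE_OPTIONS NOT LIKE '%ENCRYPTION=_Y_%';
-- An empty result set means nothing in the schema was left in clear text.

-- 5. Rotate the master key after staff changes or a suspected exposure;
--    only the per-tablespace keys are re-wrapped, data is not rewritten.
ALTER INSTANCE ROTATE INNODB MASTER KEY;
```

The keyring_file plugin keeps the master key in a local file, so this only helps when that file is readable by mysqld alone and is not copied along with the data directory, the same condition the answer states for Gazzang's key. It does not protect against the administrator of the host where the key lives, which matters for the asker's deployment on customer-controlled servers.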