I normally do not endorse any one specific product, but in this case I will make an exception.

I have personally evaluated a product called Gazzang. It can encrypt data in such a way that when transported to another server, the data is unreadable unless the encryption key is copied and verified on that external server. I have tried this and copied /var/lib/mysql on another server that did not have the encryption key. The only SQL command that worked with the database encrypted is SHOW DATABASES;. Nothing else worked.

There are some hoops to jump through to get an entire /var/lib/mysql folder encrypted. Once done, you never have to worry about data encryption. Perhaps you could start like this:

• Installation MySQL on a DB Server
• Apply Gazzang's ezncrypt program against the empty /var/lib/mysql
• Load a mysqldump into it

The beautiful part of my evaluation was that the MySQL data was fully accessible by standard DB Connections. Gazzang does not shield normal access protocols. You must take up responsibility for securing passwords:

• June 6, 2012 : Limiting database security
• Feb 17, 2012 : MySQL : Why are there "test" entries in mysql.db?
• Feb 17, 2012 : What is the mysql.db table used for?
• Jan 19, 2012 : MySQL error: Access denied for user 'a'@'localhost' (using password: YES)
• Sep 28, 2011 : Weird MySQL Users Been Created (eg. bug115166_10073) and not by me
• Sep 11, 2011 : Is this a normal set of MySQL privileges?

EPILOGUE

As for the physical data itself, this worked during the 30-day evaluation. Please evaluate it for yourself. I will leave it to you to investigate production case studies on Gazzang.

UPDATE 2015-09-29 12:26 EDT

Cloudera purchased and deprecated Gazzang.

Cloudera Data Encryption is still available.

Here is a more secure way to reset password without skip-grant-tables

Suppose you want root to have myn3wp@ssw0rd as the password

Step 01 : Create a script to execute when mysqld first start up

Create a file called /var/lib/mysql/init-file.sql with these two lines

GRANT ALL PRIVILEGES ON *.* to root@localhost
IDENTIFIED BY 'myn3wp@ssw0rd' WITH GRANT OPTION;

Step 02 : Run these three(3) lines in the OS

chown mysql:mysql /var/lib/mysql/init-file.sql
service mysql restart --init-file=/var/lib/mysql/init-file.sql
rm -f /var/lib/mysql/init-file.sql

Step 03 : THERE IS NO STEP 03. YOU ARE DONE !!!

Give it a Try !!!

CAVEAT

• I used to recommend two restarts of mysql that required editing my.cnf
• I learned a better approach from @ShlomiNoach
• This answer improves on it more by not editing my.cnf at all

UPDATE 2013-06-17 07:05 EDT

OK Since mysqld for Ubuntu does not like init-file on the command, you must edit the my.cnf. Please do these next two steps

STEP 01) Add these lines to my.cnf under the [mysqld] group header

[mysqld]
init-file=/var/lib/mysql/init-file.sql

STEP 02) Allow mysql to read files from /etc/mysql

sudo vim /etc/apparmor.d/usr.sbin.mysqld

Add the line:

/etc/mysql/*.sql r,

STEP 03) Restart MySQL

This should work for you. Give it a Try !!!