some additional relevant information.
Eric G

If you want to protect against a key or other secret being exposed as the result of a system compromise, you would look to an HSM to perform cryptographic activities. Since the HSM is essentially its own little computer, the HSM would then have to be compromised, which is much more difficult.

You may also use a distributed or n-tier architecture between the application, database, and decryption such that the compromise of one system does not result in a compromise of the other components (e.g., put the DB on its own server with fewer services and less access (bastion host)).

Other measures would depend on who actually needs the plaintext, e.g., if just the subject/user who put the data in, you can use some type of local decryption via a password or local security device / cryptocard.


Edit: Also posted this in the comments to another answer, but relevant to this conversation is homomorphic encryption. Based on your comment below, if you only want specific subjects to have access, look at a system like Mylar from MIT. However, you change the landscape if you want to talk about data which needs to be accessed by both humans and service accounts.
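
The "local decryption via a password" option above, as an added sketch that is not part of the original answer: the key is derived from the user's password on the user's device, so the server only ever stores salt, nonce, ciphertext and tag. The function names, the `context` binding and the scrypt parameters are assumptions made for this example.

```javascript
// Added example: password-based local encryption with Node's built-in crypto.
const crypto = require('crypto');

// scrypt cost parameters (constructed values; tune for the target hardware).
const SCRYPT = { N: 16384, r: 8, p: 1 };

// Derive a 256-bit key from the password; the key is never stored or sent.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32, SCRYPT);
}

// Runs on the user's device. `context` (e.g. a user id) is bound as AAD so a
// compromised server cannot move a record to another account unnoticed.
function sealLocally(password, plaintext, context) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  cipher.setAAD(Buffer.from(context, 'utf8'));
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // This record is everything the server stores: no key, no password.
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Runs on the user's device. Returns null on a wrong password, a wrong
// context or a modified record (the GCM tag check fails in final()).
function openLocally(password, record, context) {
  const key = deriveKey(password, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.nonce);
  decipher.setAAD(Buffer.from(context, 'utf8'));
  decipher.setAuthTag(record.tag);
  try {
    const plain = Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
    return plain.toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample values.
const stored = sealLocally('correct horse battery', 'card=4111-SAMPLE', 'user:42');
console.log(openLocally('correct horse battery', stored, 'user:42')); // plaintext
console.log(openLocally('guess', stored, 'user:42'));                 // null
```

The security of the stored record now rests on the password's strength and the scrypt cost, since an attacker who copies the database can attempt offline guesses.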
