Methods and systems for securing and retrieving sensitive data using indexable databases

US11620402B2 · US · B2

Patent metadata
Publication number: US-11620402-B2
Application number: US-202017027556-A
Country: US
Kind code: B2
Filing date: Sep 21, 2020
Priority date: Aug 30, 2018
Publication date: Apr 4, 2023
Grant date: Apr 4, 2023

Abstract

Official abstract text for this publication.

The technology disclosed teaches protecting sensitive data in the cloud via indexable databases. The method includes identifying sensitive fields of metadata for encryption and for hashing. The method also includes hashing at least partial values in the indexable sensitive fields to non-reversible hash values, concatenating the non-reversible hash values with the metadata for the network events, and encrypting the sensitive fields of metadata. Also included is sending the metadata for the network events, with the non-reversible hash values and the encrypted sensitive fields, to a remote database server that does not have a decryption key for the encrypted sensitive fields and that indexes the non-reversible hash values for indexed retrieval against the indexable sensitive fields. The disclosed technology also teaches retrieving sensitive information that is secured at rest: receiving a sensitive field query, hashing the query, querying and receiving network event metadata responsive to the query, and decrypting the metadata.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of building indexable databases of network events that include sensitive and non-sensitive fields of metadata, and securing the sensitive fields from viewing by a database service provider, the method comprising: hashing at least partial values of indexable sensitive fields among the sensitive fields, and producing non-reversible hash values; encrypting the sensitive fields of metadata; sending network event records including the hash values, the encrypted sensitive fields and the non-sensitive fields of metadata, to a remote database server operated by the database service provider, wherein the database service provider does not have access to a decryption key for the encrypted sensitive fields; and causing the remote database server to index the non-reversible hash values for indexed retrieval of the network event records.

2. The method of claim 1, further including: rotating a key used for the encrypting, without changing a hashing function used for the hashing the indexable sensitive fields to the non-reversible hash values.

3. The method of claim 1, further including: rotating a key used for the encrypting after an amount of data has been encrypted, without changing a hashing function used for the hashing the indexable sensitive fields to the non-reversible hash values.

4. The method of claim 1, further causing the remote database server to index some non-sensitive data in the metadata.

5. The method of claim 1, wherein the remote database server is provided by a service provider distinct from an organization performing the hashing, the encrypting and the sending and the organization does not give the service provider the decryption key.

6. The method of claim 1, further including performing the hashing, the encrypting and the sending on premises of an organization distinct from a service provider that provides the remote database server.

7. The method of claim 1, further including performing the hashing, the encrypting and the sending within a virtual private network dedicated to an organization, wherein the organization is distinct from a service provider that provides the remote database server, and the organization does not give the service provider the decryption key.

8. The method of claim 1, further including using a symmetrical encryption function for the encrypting of the sensitive fields of metadata.

9. The method of claim 1, further including using an asymmetrical encryption function for the encrypting of the sensitive fields of metadata.

10. A method of retrieving network events that include sensitive and non-sensitive fields of metadata, and securing the sensitive fields from viewing by a database service provider, including: receiving a query with a search value for an indexed sensitive field of metadata that is stored in an encrypted format on a remote database server that does not have access to a decryption key for the encrypted sensitive field; hashing at least part of the search value to a non-reversible hash value prior to querying the remote database server; querying the remote database server using the non-reversible hash value; receiving network event metadata responsive to the query, including an encrypted value of the indexed sensitive field subject to the query, additional encrypted values of one or more sensitive fields that are either indexed or not indexed, and clear text values of one or more non-sensitive metadata fields; and decrypting at least the network event metadata responsive to the query using the decryption key to which the database service provider does not have access.

11. The method of claim 10, further including determining for each record of the network event metadata responsive to the query, a rotating key to be used to decrypt the record.

12. The method of claim 10, wherein the query further includes an additional search value for metadata that is stored in an unencrypted format and using the additional search value in the querying of the remote database.

13. The method of claim 10, further including processing at least the indexed sensitive field of metadata received from the remote database server responsive to the querying.

14. The method of claim 10, wherein the remote database server is provided by a service provider distinct from an organization performing the hashing, the querying, the receiving and the decrypting and the organization does not give the service provider the decryption key.

15. The method of claim 10, further including performing the hashing, the querying, the receiving and the decrypting on premises of an organization distinct from a service provider that provides the remote database server.

16. The method of claim 10, further including performing the hashing, the querying, the receiving and the decrypting within a virtual private network dedicated to an organization, wherein the organization is distinct from a service provider that provides the remote database server, and the organization does not give the service provider the decryption key.

17. A method of responding to a query for sensitive and non-sensitive fields of metadata, with the sensitive fields secured from viewing by a database service provider responding to the request, including: receiving at a database server a query with a search value for an indexed sensitive field of metadata that is stored in an encrypted format on the database server, without the database server having access to a decryption key for the encrypted sensitive field; wherein at least part of the search value is a non-reversible hash value of at least part of the indexed sensitive field; responding to the query, using an index of non-reversible hash values for the indexed sensitive field, including returning an encrypted value of the indexed sensitive field subject to the query, clear text values of one or more metadata fields, and an additional encrypted value of an additional sensitive field that is either indexed or not indexed; and whereby a querying entity that has access to the decryption key, can decrypt the indexed sensitive field.

18. The method of claim 17, wherein the hashing, the querying and the decrypting are performed remote to the database server by an organization distinct from a service provider that provides the database server.

19. The method of claim 17, wherein the hashing, the querying and the decrypting are performed within a virtual private network dedicated to an organization, wherein the organization is distinct from a service provider that provides the database server, and the organization does not give the service provider the decryption key.

20. A tangible non-transitory computer readable storage media, including program instructions loaded into memory that, when executed on processors, cause the processors to implement a process that includes: identifying sensitive fields of metadata for network events for encryption and identifying indexable sensitive fields, among the sensitive fields, for hashing; hashing at least partial values in the indexable sensitive fields to non-reversible hash values and concatenating the non-reversible hash values with the metadata for the network events; encrypting the sensitive fields of metadata; and sending the metadata for the network events, with the non-reversible hash values and the encrypted sensitive fields, to a remote database server that does not have access to a decryption key for the encrypted sensitive fields and causing the remote database server to index the non-reversible h
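
The flow in the abstract and in claims 1, 2, 10 and 11, as an added Ruby example that is not code from the patent or its assignee: hash for the index, encrypt for confidentiality, rotate only the encryption key, and look up by hashing the query. HMAC-SHA-256 as the non-reversible hash, AES-256-GCM, the record field names and the in-memory stand-in for the remote database are assumptions of this example.

```ruby
require 'openssl'

# Organization side: holds the hash key and every encryption key.
FieldProtector = Struct.new(:hash_key, :enc_keys, :current_id) do
  # Index token: keyed hash (HMAC-SHA-256 is this example's choice).
  def token(value)
    OpenSSL::HMAC.hexdigest('SHA256', hash_key, value)
  end

  # Rotation adds an encryption key only; the hash key never changes.
  def rotate(new_id, key)
    enc_keys[new_id] = key
    self.current_id = new_id
  end

  # Build the record that leaves the organization.
  def seal(user, app)
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = enc_keys.fetch(current_id)
    iv = c.random_iv
    c.auth_data = current_id.to_s # bind the ciphertext to its key id
    ct = c.update(user) + c.final
    { user_hash: token(user), user_enc: iv + c.auth_tag + ct,
      key_id: current_id, app: app }
  end

  # Decrypt a returned record with the key that its key_id names.
  def unseal(rec)
    d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    d.key = enc_keys.fetch(rec[:key_id])
    d.iv, d.auth_tag, ct = rec[:user_enc].unpack('a12a16a*')
    d.auth_data = rec[:key_id].to_s
    (d.update(ct) + d.final).force_encoding('UTF-8')
  end
end

# Constructed demo: three events, one key rotation, one lookup by token.
def demo
  key = -> { OpenSSL::Random.random_bytes(32) }
  org = FieldProtector.new(key.call, { 1 => key.call }, 1)
  store = Hash.new { |h, k| h[k] = [] } # provider-side index, keyed by token
  first = org.seal('alice@example.com', 'webmail')
  org.rotate(2, key.call)
  [first, org.seal('alice@example.com', 'storage'),
   org.seal('bob@example.com', 'webmail')].each { |r| store[r[:user_hash]] << r }
  store.fetch(org.token('alice@example.com'), []).map { |r| [r[:key_id], r[:app], org.unseal(r)] }
end

p demo if $PROGRAM_NAME == __FILE__
```

Both of the first user's records come back from one token lookup even though they were sealed under different encryption keys, because rotation leaves the hash key untouched.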

Classifications

  • Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
  • Virtual private networks
  • using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
  • Hash tables
  • using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Netskope Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/6227. Mapped technology areas include Physics.
When was this patent published?
Publication date Apr 4, 2023 (B2). Legal status and post-grant events are not shown on this page.