We keep all process data in json. To increase the security level, the data (json) must be digitally signed/sealed, so that even database administrator who have access to Camunda history tables, cannot change the data (json) in backwards.
One option could be to use any external blockchain service (like https://guardtime.com/).
As a good result we are looking (or planning to develop) a Camunda plugin which could be responsible for signing every process task data when process task is completed.
In my experience there may be two aspects to what you want to achieve;
Confidentiality - only those who need access to the data can see the data
Integrity - tamper evident & non repudiation…
With regard to 1, encryption is the typical approach. This will likely apply to your process variables (and business data). Ive seen two approaches to this.
If you use something like AWS RDS, then you can encrypt the database such that data at rest, eg backups etc cannot be read without access to the encryption key. Access to the database by DBAs is audited rather than prevented.
With regard to 2, some approaches Ive seen are to create a tamper evident linked list in the audit/history table. Thus for each history entry perform a SHA256 hash of the entry’s content plush the hash of the prior record and store with the entry. More secure approaches use say an HMAC and/or an external timestamp service.
In the longer term, data encryption and a secure, tamper evident audit log would make useful feature requests…