git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure data


Ben has a good point here.  There's an advantage to encrypting in the application, you can encrypt data per-account / user / [some other thing].  It's possible to revoke all access to all the data for a particular [whatever] by simply deleting the encryption key.

Lots of options available.

On Wed, Aug 1, 2018 at 4:39 PM Ben Slater <ben.slater@xxxxxxxxxxxxxxx> wrote:
My recommendation is generally to look at encrypting in your application as it’s likely to be overall more secure than DB-level encryption anyway (generally the closer to the user you encrypt the better). I wrote a blog on this last year: https://www.instaclustr.com/securing-apache-cassandra-with-application-level-encryption/

We also use encrypted GP2 EBS pretty widely without issue.

Cheers
Ben 

On Thu, 2 Aug 2018 at 05:38 Jonathan Haddad <jon@xxxxxxxxxxxxx> wrote:
You can also get full disk encryption with LUKS, which I've used before.

On Wed, Aug 1, 2018 at 12:36 PM Jeff Jirsa <jjirsa@xxxxxxxxx> wrote:
EBS encryption worked well on gp2 volumes (never tried it on any others)

-- 
Jeff Jirsa


On Aug 1, 2018, at 7:57 AM, Rahul Reddy <rahulreddy1234@xxxxxxxxx> wrote:

Hello,

Any one tried aws ec2 volume encryption for Cassandra instances?

On Tue, Jul 31, 2018, 12:25 PM Rahul Reddy <rahulreddy1234@xxxxxxxxx> wrote:
Hello,

I'm trying to find a good document on to enable encryption for Apache Cassandra  (not on dse) tables and commilogs and store the keystore in kms or vault. If any of you already configured please direct me to documentation for it.


--
Jon Haddad
http://www.rustyrazorblade.com
twitter: rustyrazorblade
--

Ben Slater
Chief Product Officer

    

Read our latest technical blog posts here.

This email has been sent on behalf of Instaclustr Pty. Limited (Australia) and Instaclustr Inc (USA).

This email and any attachments may contain confidential and legally privileged information.  If you are not the intended recipient, do not copy or disclose its content, but please reply to this email immediately and highlight the error to the sender and then immediately delete the message.



--
Jon Haddad
http://www.rustyrazorblade.com
twitter: rustyrazorblade