cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Haddad <...@jonhaddad.com>
Subject Re: Secure data
Date Wed, 01 Aug 2018 23:52:15 GMT
Ben has a good point here.  There's an advantage to encrypting in the
application, you can encrypt data per-account / user / [some other thing].
It's possible to revoke all access to all the data for a particular
[whatever] by simply deleting the encryption key.

Lots of options available.

On Wed, Aug 1, 2018 at 4:39 PM Ben Slater <ben.slater@instaclustr.com>
wrote:

> My recommendation is generally to look at encrypting in your application
> as it’s likely to be overall more secure than DB-level encryption anyway
> (generally the closer to the user you encrypt the better). I wrote a blog
> on this last year:
> https://www.instaclustr.com/securing-apache-cassandra-with-application-level-encryption/
>
> We also use encrypted GP2 EBS pretty widely without issue.
>
> Cheers
> Ben
>
> On Thu, 2 Aug 2018 at 05:38 Jonathan Haddad <jon@jonhaddad.com> wrote:
>
>> You can also get full disk encryption with LUKS, which I've used before.
>>
>> On Wed, Aug 1, 2018 at 12:36 PM Jeff Jirsa <jjirsa@gmail.com> wrote:
>>
>>> EBS encryption worked well on gp2 volumes (never tried it on any others)
>>>
>>> --
>>> Jeff Jirsa
>>>
>>>
>>> On Aug 1, 2018, at 7:57 AM, Rahul Reddy <rahulreddy1234@gmail.com>
>>> wrote:
>>>
>>> Hello,
>>>
>>> Any one tried aws ec2 volume encryption for Cassandra instances?
>>>
>>> On Tue, Jul 31, 2018, 12:25 PM Rahul Reddy <rahulreddy1234@gmail.com>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> I'm trying to find a good document on to enable encryption for Apache
>>>> Cassandra  (not on dse) tables and commilogs and store the keystore in kms
>>>> or vault. If any of you already configured please direct me to
>>>> documentation for it.
>>>>
>>>
>>
>> --
>> Jon Haddad
>> http://www.rustyrazorblade.com
>> twitter: rustyrazorblade
>>
> --
>
>
> *Ben Slater*
>
> *Chief Product Officer <https://www.instaclustr.com/>*
>
> <https://www.facebook.com/instaclustr>   <https://twitter.com/instaclustr>
>    <https://www.linkedin.com/company/instaclustr>
>
> Read our latest technical blog posts here
> <https://www.instaclustr.com/blog/>.
>
> This email has been sent on behalf of Instaclustr Pty. Limited (Australia)
> and Instaclustr Inc (USA).
>
> This email and any attachments may contain confidential and legally
> privileged information.  If you are not the intended recipient, do not copy
> or disclose its content, but please reply to this email immediately and
> highlight the error to the sender and then immediately delete the message.
>


-- 
Jon Haddad
http://www.rustyrazorblade.com
twitter: rustyrazorblade

Mime
View raw message