cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rahul Reddy <rahulreddy1...@gmail.com>
Subject Re: Secure data
Date Thu, 02 Aug 2018 00:00:42 GMT
Thanks Jonathan/been/Jeff,

Will look into encrypting in application

On Wed, Aug 1, 2018, 7:52 PM Jonathan Haddad <jon@jonhaddad.com> wrote:

> Ben has a good point here.  There's an advantage to encrypting in the
> application, you can encrypt data per-account / user / [some other thing].
> It's possible to revoke all access to all the data for a particular
> [whatever] by simply deleting the encryption key.
>
> Lots of options available.
>
> On Wed, Aug 1, 2018 at 4:39 PM Ben Slater <ben.slater@instaclustr.com>
> wrote:
>
>> My recommendation is generally to look at encrypting in your application
>> as it’s likely to be overall more secure than DB-level encryption anyway
>> (generally the closer to the user you encrypt the better). I wrote a blog
>> on this last year:
>> https://www.instaclustr.com/securing-apache-cassandra-with-application-level-encryption/
>>
>> We also use encrypted GP2 EBS pretty widely without issue.
>>
>> Cheers
>> Ben
>>
>> On Thu, 2 Aug 2018 at 05:38 Jonathan Haddad <jon@jonhaddad.com> wrote:
>>
>>> You can also get full disk encryption with LUKS, which I've used before.
>>>
>>> On Wed, Aug 1, 2018 at 12:36 PM Jeff Jirsa <jjirsa@gmail.com> wrote:
>>>
>>>> EBS encryption worked well on gp2 volumes (never tried it on any others)
>>>>
>>>> --
>>>> Jeff Jirsa
>>>>
>>>>
>>>> On Aug 1, 2018, at 7:57 AM, Rahul Reddy <rahulreddy1234@gmail.com>
>>>> wrote:
>>>>
>>>> Hello,
>>>>
>>>> Any one tried aws ec2 volume encryption for Cassandra instances?
>>>>
>>>> On Tue, Jul 31, 2018, 12:25 PM Rahul Reddy <rahulreddy1234@gmail.com>
>>>> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I'm trying to find a good document on to enable encryption for Apache
>>>>> Cassandra  (not on dse) tables and commilogs and store the keystore in
kms
>>>>> or vault. If any of you already configured please direct me to
>>>>> documentation for it.
>>>>>
>>>>
>>>
>>> --
>>> Jon Haddad
>>> http://www.rustyrazorblade.com
>>> twitter: rustyrazorblade
>>>
>> --
>>
>>
>> *Ben Slater*
>>
>> *Chief Product Officer <https://www.instaclustr.com/>*
>>
>> <https://www.facebook.com/instaclustr>
>> <https://twitter.com/instaclustr>
>> <https://www.linkedin.com/company/instaclustr>
>>
>> Read our latest technical blog posts here
>> <https://www.instaclustr.com/blog/>.
>>
>> This email has been sent on behalf of Instaclustr Pty. Limited
>> (Australia) and Instaclustr Inc (USA).
>>
>> This email and any attachments may contain confidential and legally
>> privileged information.  If you are not the intended recipient, do not copy
>> or disclose its content, but please reply to this email immediately and
>> highlight the error to the sender and then immediately delete the message.
>>
>
>
> --
> Jon Haddad
> http://www.rustyrazorblade.com
> twitter: rustyrazorblade
>

Mime
View raw message