kudu-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jordan Birdsell <jordan.birdsell.k...@statefarm.com>
Subject RE: Kudu - Data Encryption
Date Sat, 26 Mar 2016 12:50:32 GMT
For clarification, are you talking about using something like ecryptfs?

-----Original Message-----
From: Patrick Angeles [patrick@cloudera.com<mailto:patrick@cloudera.com>]
Sent: Friday, March 25, 2016 03:40 PM US Mountain Standard Time
To: user@kudu.incubator.apache.org
Subject: Re: Kudu - Data Encryption

Hey Jordan,

Volume-level encryption is at the filesystem level and so would effectively prevent physical
theft and most OS-level attacks. In this sense, it is functionally as secure as HDFS encrypt.

One thing HDFS encrypt lets you do, however, is to selectively encrypt certain files and directories.
You can't do this with volume-level encryption -- it's all or nothing. Which might be fine
for some use cases.



Patrick Angeles
Chief Architect Financial Services
151 West 26th Street Suite 1002 | New York, NY 10001
+1 (650) 644-3943

On Fri, Mar 25, 2016 at 5:45 PM, Jordan Birdsell <jordan.birdsell.kdvm@statefarm.com<mailto:jordan.birdsell.kdvm@statefarm.com>>
wrote:
Hey Patrick,

Thanks for the quick response. This approach would leave all data unencrypted while Kudu is
being used and thus only protect against physical theft, would it not?  We’re looking for
something more like the HDFS encryption, prevents os-level attacks, unencrypted on the client,
etc. Sorry if I’ve misunderstood your meaning.

Thanks,
Jordan Birdsell
Data Engineer
State Farm - Research

From: Patrick Angeles [mailto:patrick@cloudera.com<mailto:patrick@cloudera.com>]
Sent: Friday, March 25, 2016 4:54 PM
To: user@kudu.incubator.apache.org<mailto:user@kudu.incubator.apache.org>
Subject: Re: Kudu - Data Encryption

Hey Jordan,

It would help to understand your particular requirements. For example, can it be solved using
volume-level encryption? (This could be done today.) Are you looking for per-table or per-column
encryption?

Patrick Angeles
Chief Architect Financial Services
151 West 26th Street Suite 1002 | New York, NY 10001
+1 (650) 644-3943<tel:%2B1%20%28650%29%20644-3943>

On Fri, Mar 25, 2016 at 4:40 PM, Jordan Birdsell <jordan.birdsell.kdvm@statefarm.com<mailto:jordan.birdsell.kdvm@statefarm.com>>
wrote:
In the release notes section I see mention that lack of encryption is a current security limitation,
however I do not see a JIRA for tracking this feature.    Have I overlooked something or should
I open a request?

Jordan Birdsell
Data Engineer
State Farm - Research



Mime
View raw message