kudu-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Angeles <patr...@cloudera.com>
Subject Re: Kudu - Data Encryption
Date Sat, 26 Mar 2016 18:59:03 GMT
Yes, or dm-crypt.

Patrick Angeles
Chief Architect Financial Services
151 West 26th Street Suite 1002 | New York, NY 10001
+1 (650) 644-3943

On Sat, Mar 26, 2016 at 8:50 AM, Jordan Birdsell <
jordan.birdsell.kdvm@statefarm.com> wrote:

> For clarification, are you talking about using something like ecryptfs?
>
>
> -----Original Message-----
> *From: *Patrick Angeles [patrick@cloudera.com]
> *Sent: *Friday, March 25, 2016 03:40 PM US Mountain Standard Time
> *To: *user@kudu.incubator.apache.org
> *Subject: *Re: Kudu - Data Encryption
>
> Hey Jordan,
>
> Volume-level encryption is at the filesystem level and so would
> effectively prevent physical theft and most OS-level attacks. In this
> sense, it is functionally as secure as HDFS encrypt.
>
> One thing HDFS encrypt lets you do, however, is to selectively encrypt
> certain files and directories. You can't do this with volume-level
> encryption -- it's all or nothing. Which might be fine for some use cases.
>
>
>
> Patrick Angeles
> Chief Architect Financial Services
> 151 West 26th Street Suite 1002 | New York, NY 10001
> +1 (650) 644-3943
>
> On Fri, Mar 25, 2016 at 5:45 PM, Jordan Birdsell <
> jordan.birdsell.kdvm@statefarm.com> wrote:
>
>> Hey Patrick,
>>
>>
>>
>> Thanks for the quick response. This approach would leave all data
>> unencrypted while Kudu is being used and thus only protect against physical
>> theft, would it not?  We’re looking for something more like the HDFS
>> encryption, prevents os-level attacks, unencrypted on the client, etc.
>> Sorry if I’ve misunderstood your meaning.
>>
>>
>>
>> Thanks,
>>
>> Jordan Birdsell
>>
>> Data Engineer
>>
>> State Farm - Research
>>
>>
>>
>> *From:* Patrick Angeles [mailto:patrick@cloudera.com]
>> *Sent:* Friday, March 25, 2016 4:54 PM
>> *To:* user@kudu.incubator.apache.org
>> *Subject:* Re: Kudu - Data Encryption
>>
>>
>>
>> Hey Jordan,
>>
>>
>>
>> It would help to understand your particular requirements. For example,
>> can it be solved using volume-level encryption? (This could be done today.)
>> Are you looking for per-table or per-column encryption?
>>
>>
>> Patrick Angeles
>>
>> Chief Architect Financial Services
>> 151 West 26th Street Suite 1002 | New York, NY 10001
>>
>> +1 (650) 644-3943
>>
>>
>>
>> On Fri, Mar 25, 2016 at 4:40 PM, Jordan Birdsell <
>> jordan.birdsell.kdvm@statefarm.com> wrote:
>>
>> In the release notes section I see mention that lack of encryption is a
>> current security limitation, however I do not see a JIRA for tracking this
>> feature.    Have I overlooked something or should I open a request?
>>
>>
>>
>> Jordan Birdsell
>>
>> Data Engineer
>>
>> State Farm - Research
>>
>>
>>
>>
>>
>
>

Mime
View raw message