Thanks Jonathan/been/Jeff, Will look into encrypting in application
On Wed, Aug 1, 2018, 7:52 PM Jonathan Haddad <j...@jonhaddad.com> wrote: > Ben has a good point here. There's an advantage to encrypting in the > application, you can encrypt data per-account / user / [some other thing]. > It's possible to revoke all access to all the data for a particular > [whatever] by simply deleting the encryption key. > > Lots of options available. > > On Wed, Aug 1, 2018 at 4:39 PM Ben Slater <ben.sla...@instaclustr.com> > wrote: > >> My recommendation is generally to look at encrypting in your application >> as it’s likely to be overall more secure than DB-level encryption anyway >> (generally the closer to the user you encrypt the better). I wrote a blog >> on this last year: >> https://www.instaclustr.com/securing-apache-cassandra-with-application-level-encryption/ >> >> We also use encrypted GP2 EBS pretty widely without issue. >> >> Cheers >> Ben >> >> On Thu, 2 Aug 2018 at 05:38 Jonathan Haddad <j...@jonhaddad.com> wrote: >> >>> You can also get full disk encryption with LUKS, which I've used before. >>> >>> On Wed, Aug 1, 2018 at 12:36 PM Jeff Jirsa <jji...@gmail.com> wrote: >>> >>>> EBS encryption worked well on gp2 volumes (never tried it on any others) >>>> >>>> -- >>>> Jeff Jirsa >>>> >>>> >>>> On Aug 1, 2018, at 7:57 AM, Rahul Reddy <rahulreddy1...@gmail.com> >>>> wrote: >>>> >>>> Hello, >>>> >>>> Any one tried aws ec2 volume encryption for Cassandra instances? >>>> >>>> On Tue, Jul 31, 2018, 12:25 PM Rahul Reddy <rahulreddy1...@gmail.com> >>>> wrote: >>>> >>>>> Hello, >>>>> >>>>> I'm trying to find a good document on to enable encryption for Apache >>>>> Cassandra (not on dse) tables and commilogs and store the keystore in kms >>>>> or vault. If any of you already configured please direct me to >>>>> documentation for it. >>>>> >>>> >>> >>> -- >>> Jon Haddad >>> http://www.rustyrazorblade.com >>> twitter: rustyrazorblade >>> >> -- >> >> >> *Ben Slater* >> >> *Chief Product Officer <https://www.instaclustr.com/>* >> >> <https://www.facebook.com/instaclustr> >> <https://twitter.com/instaclustr> >> <https://www.linkedin.com/company/instaclustr> >> >> Read our latest technical blog posts here >> <https://www.instaclustr.com/blog/>. >> >> This email has been sent on behalf of Instaclustr Pty. Limited >> (Australia) and Instaclustr Inc (USA). >> >> This email and any attachments may contain confidential and legally >> privileged information. If you are not the intended recipient, do not copy >> or disclose its content, but please reply to this email immediately and >> highlight the error to the sender and then immediately delete the message. >> > > > -- > Jon Haddad > http://www.rustyrazorblade.com > twitter: rustyrazorblade >
