[
https://issues.apache.org/jira/browse/CASSANDRA-7922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jason Brown updated CASSANDRA-7922:
-----------------------------------
Description:
Umbrella ticket for file-level encryption
Some use cases require encrypting files at rest for certain compliance needs:
the healthcare industry (HIPAA regulations), the card payment industry (PCI
DSS regulations) or the US government (FISMA regulations). File system
encryption can be used in some situations, but does not solve all problems.
I can foresee the following components needing at-rest encryption:
- sstables (data, index, and summary files) (CASSANDRA-9633)
- commit log (CASSANDRA-6018)
- hints (CASSANDRA-11040)
- some systems tables (batches, not sure if any others)
- index/row cache
- secondary indexes
The work for those items would be separate tickets, of course. I have a working
version of most of the above components working in 2.0, which I need to ship in
production now, but it's too late for the 2.0 branch and unclear for 2.1.
Other products, such as Oracle/SqlServer/Datastax Enterprise commonly refer to
at-rest encryption as Transparent Data Encryption (TDE), and I'm happy to stick
with that convention, here, as well.
was:
Some use cases require encrypting files at rest for certain compliance needs:
the healthcare industry (HIPAA regulations), the card payment industry (PCI
DSS regulations) or the US government (FISMA regulations). File system
encryption can be used in some situations, but does not solve all problems.
I can foresee the following components needing at-rest encryption:
- sstables
- commit log (CASSANDRA-6018)
- indicies
- some systems tables (hints, batchlog, not sure if any others)
- row cache
The work for those items would be separate tickets, of course. I have a working
version of most of the above components working in 2.0, which I need to ship in
production now, but it's too late for the 2.0 branch and unclear for 2.1.
Other products, such as Oracle/SqlServer/Datastax Enterprise commonly refer to
at-rest encryption as Transparent Data Encryption (TDE), and I'm happy to stick
with that convention, here, as well.
> Add file-level encryption
> -------------------------
>
> Key: CASSANDRA-7922
> URL: https://issues.apache.org/jira/browse/CASSANDRA-7922
> Project: Cassandra
> Issue Type: New Feature
> Reporter: Jason Brown
> Assignee: Jason Brown
> Labels: encryption, security
> Fix For: 3.x
>
>
> Umbrella ticket for file-level encryption
> Some use cases require encrypting files at rest for certain compliance needs:
> the healthcare industry (HIPAA regulations), the card payment industry (PCI
> DSS regulations) or the US government (FISMA regulations). File system
> encryption can be used in some situations, but does not solve all problems.
> I can foresee the following components needing at-rest encryption:
> - sstables (data, index, and summary files) (CASSANDRA-9633)
> - commit log (CASSANDRA-6018)
> - hints (CASSANDRA-11040)
> - some systems tables (batches, not sure if any others)
> - index/row cache
> - secondary indexes
> The work for those items would be separate tickets, of course. I have a
> working version of most of the above components working in 2.0, which I need
> to ship in production now, but it's too late for the 2.0 branch and unclear
> for 2.1.
> Other products, such as Oracle/SqlServer/Datastax Enterprise commonly refer
> to at-rest encryption as Transparent Data Encryption (TDE), and I'm happy to
> stick with that convention, here, as well.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
