Re: [DISCUSS] What to do about encryption at rest?

Tue, 03 Nov 2015 08:11:10 -0800 

Josef Roehrl - PHEMI wrote:

Thanks for exposing the issues on this.  I had equated 'stale' with
incomplete, but I was missing the point entirely.  In this case, 'stale'
equates to complete, working and stable (but not changing).


(pedantically) minus the intermediate-WAL recovery files not being encrypted


On Sat, Oct 31, 2015 at 4:22 PM, Josef Roehrl - PHEMI<[email protected]>
wrote:


For this reason, we were just thinking of waiting for Encryption at Rest
with HDFS.  Presumably, Accumulo could optimize encryption if it
implemented encryption itself with a few trade-offs.

On Fri, Oct 30, 2015 at 10:22 PM, William Slacum<[email protected]>
wrote:


So I've been looking into options for providing encryption at rest, and it
seems like what Accumulo has is abandonware from a project perspective.
There is no official documentation on how to perform encryption at rest,
and the best information from its status comes from year (or greater) old
ticket comments about how the feature is still experimental. Recently
there
was a talk that described using HDFS encryption zones as an alternative.

 From my perspective, this is what I see as the current situation:

1- Encryption at rest in Accumulo isn't actively being worked on
2- Encryption at rest in Accumulo isn't part of the public API or marketed
capabilities
3- Documentation for what does exist is scattered throughout Jira comments
or presentations
4- A viable alternative exists that appears to have feature parity in HDFS
encryption
5- HBase has finer grained encryption capabilities that extend beyond what
HDFS provides

Moving forward, what's the consensus for supporting this feature?
Personally, I see two options:

1- Start going down a path to bring the feature into the forefront and
start providing feature parity with HBase

or

2- Remove the feature and place emphasis on upstream encryption offerings

Any input is welcomed&  appreciated!




--


Josef Roehrl
Senior Software Developer
*PHEMI Systems*
180-887 Great Northern Way
Vancouver, BC V5T 4T5
604-336-1119
Website<http://www.phemi.com/>  Twitter<https://twitter.com/PHEMISystems>
  Linkedin
<http://www.linkedin.com/company/3561810?trk=tyah&amp;trkInfo=tarId%3A1403279580554%2Ctas%3Aphemi%20hea%2Cidx%3A1-1-1>




























					Reply via email to