Re: privacy protection
If you want to encrypt values at the client, you might want to check out this talk: https://springoneplatform.io/2018/sessions/implementing-pii-encryption-with-pdx-serialization Anthony > On Jan 21, 2020, at 10:45 AM, Michael Oleske wrote: > > Something to consider is what scenarios do you want to protect against. > Full disk encryption protects against a drive pull attack, such as an > attack walks into a data storage room full disks, pulls a disk from the > room, and then makes a run for it. Since the full disk is encrypted, the > attacker will have to break that. Encrypting values protects against > insiders from seeing values, such as a rogue administrator that is trying > to get personally identifiable information (they would be able to decrypt > the disk, but wouldn't be able to decrypt the values). I'm personally not > sure what Geode needs to do or could be doing versus what's best practice > when building applications that use Geode/when running Geode. > > -michael > > On Tue, Jan 21, 2020 at 10:33 AM Dan Smith wrote: > >> Hi Mario, >> >> It's something we've talked about before, I think it would be a good idea. >> The two workarounds I have seen done are >> - full disk encryption - storing the geode disk files on an encrypted disk >> - encrypting values - At the client side, converting values into encrypted >> bytes before storing them in geode. >> >> But it would nice to just support encryption at the disk store level. >> >> -Dan >> >> On Tue, Jan 21, 2020 at 4:21 AM Udo Kohlmeyer wrote: >> >>> Hi there Mario, >>> >>> The idea of encryption-at-rest, is something that has been on my radar >>> for at least 4yrs now. >>> >>> I would not mind having a chat about what your requirements are and how >>> we can get this into Geode. >>> >>> Looking forward to chatting to you about this. >>> >>> --Udo >>> >>> On 1/15/20 2:20 AM, Mario Kevo wrote: Hi geode-dev, Is it possible somehow to protect all files that containing user >> data(or >>> user data itself) being stored in disk for Geode. This includes all persistence data(OpLogs), backups and possible other >>> files containing user data. Also protection is needed for all of the files potentailly used for >>> replication and cluster high availability mechanism. If this feature is not available, do you have it in the plan already? Do you included it in Geode roadmap? BR, Mario >>> >>
Re: privacy protection
Something to consider is what scenarios do you want to protect against. Full disk encryption protects against a drive pull attack, such as an attack walks into a data storage room full disks, pulls a disk from the room, and then makes a run for it. Since the full disk is encrypted, the attacker will have to break that. Encrypting values protects against insiders from seeing values, such as a rogue administrator that is trying to get personally identifiable information (they would be able to decrypt the disk, but wouldn't be able to decrypt the values). I'm personally not sure what Geode needs to do or could be doing versus what's best practice when building applications that use Geode/when running Geode. -michael On Tue, Jan 21, 2020 at 10:33 AM Dan Smith wrote: > Hi Mario, > > It's something we've talked about before, I think it would be a good idea. > The two workarounds I have seen done are > - full disk encryption - storing the geode disk files on an encrypted disk > - encrypting values - At the client side, converting values into encrypted > bytes before storing them in geode. > > But it would nice to just support encryption at the disk store level. > > -Dan > > On Tue, Jan 21, 2020 at 4:21 AM Udo Kohlmeyer wrote: > > > Hi there Mario, > > > > The idea of encryption-at-rest, is something that has been on my radar > > for at least 4yrs now. > > > > I would not mind having a chat about what your requirements are and how > > we can get this into Geode. > > > > Looking forward to chatting to you about this. > > > > --Udo > > > > On 1/15/20 2:20 AM, Mario Kevo wrote: > > > Hi geode-dev, > > > > > > Is it possible somehow to protect all files that containing user > data(or > > user data itself) being stored in disk for Geode. > > > This includes all persistence data(OpLogs), backups and possible other > > files containing user data. > > > Also protection is needed for all of the files potentailly used for > > replication and cluster high availability mechanism. > > > > > > If this feature is not available, do you have it in the plan already? > > > Do you included it in Geode roadmap? > > > > > > BR, > > > Mario > > > > > > > > >
Re: privacy protection
Hi Mario, It's something we've talked about before, I think it would be a good idea. The two workarounds I have seen done are - full disk encryption - storing the geode disk files on an encrypted disk - encrypting values - At the client side, converting values into encrypted bytes before storing them in geode. But it would nice to just support encryption at the disk store level. -Dan On Tue, Jan 21, 2020 at 4:21 AM Udo Kohlmeyer wrote: > Hi there Mario, > > The idea of encryption-at-rest, is something that has been on my radar > for at least 4yrs now. > > I would not mind having a chat about what your requirements are and how > we can get this into Geode. > > Looking forward to chatting to you about this. > > --Udo > > On 1/15/20 2:20 AM, Mario Kevo wrote: > > Hi geode-dev, > > > > Is it possible somehow to protect all files that containing user data(or > user data itself) being stored in disk for Geode. > > This includes all persistence data(OpLogs), backups and possible other > files containing user data. > > Also protection is needed for all of the files potentailly used for > replication and cluster high availability mechanism. > > > > If this feature is not available, do you have it in the plan already? > > Do you included it in Geode roadmap? > > > > BR, > > Mario > > > > >
Re: privacy protection
Hi there Mario, The idea of encryption-at-rest, is something that has been on my radar for at least 4yrs now. I would not mind having a chat about what your requirements are and how we can get this into Geode. Looking forward to chatting to you about this. --Udo On 1/15/20 2:20 AM, Mario Kevo wrote: Hi geode-dev, Is it possible somehow to protect all files that containing user data(or user data itself) being stored in disk for Geode. This includes all persistence data(OpLogs), backups and possible other files containing user data. Also protection is needed for all of the files potentailly used for replication and cluster high availability mechanism. If this feature is not available, do you have it in the plan already? Do you included it in Geode roadmap? BR, Mario
Odg: privacy protection
Hi, Just kindly reminder on this. BR, Mario Šalje: Mario Kevo Poslano: 14. siječnja 2020. 16:20 Prima: dev@geode.apache.org Predmet: privacy protection Hi geode-dev, Is it possible somehow to protect all files that containing user data(or user data itself) being stored in disk for Geode. This includes all persistence data(OpLogs), backups and possible other files containing user data. Also protection is needed for all of the files potentailly used for replication and cluster high availability mechanism. If this feature is not available, do you have it in the plan already? Do you included it in Geode roadmap? BR, Mario
privacy protection
Hi geode-dev, Is it possible somehow to protect all files that containing user data(or user data itself) being stored in disk for Geode. This includes all persistence data(OpLogs), backups and possible other files containing user data. Also protection is needed for all of the files potentailly used for replication and cluster high availability mechanism. If this feature is not available, do you have it in the plan already? Do you included it in Geode roadmap? BR, Mario
