You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Jason Brown (JIRA)" <ji...@apache.org> on 2016/02/10 22:28:18 UTC

[jira] [Updated] (CASSANDRA-7922) Add file-level encryption

     [ https://issues.apache.org/jira/browse/CASSANDRA-7922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Brown updated CASSANDRA-7922:
-----------------------------------
    Description: 
Umbrella ticket for file-level encryption

Some use cases require encrypting files at rest for certain compliance needs: the health­care industry (HIPAA regulations), the card payment industry (PCI DSS regulations) or the US government (FISMA regulations). File system encryption can be used in some situations, but does not solve all problems. 

I can foresee the following components needing at-rest encryption:
- sstables (data, index, and summary files) (CASSANDRA-9633)
- commit log (CASSANDRA-6018)
- hints (CASSANDRA-11040)
- some systems tables (batches, not sure if any others)
- index/row cache
- secondary indexes

The work for those items would be separate tickets, of course. I have a working version of most of the above components working in 2.0, which I need to ship in production now, but it's too late for the 2.0 branch and unclear for 2.1.

Other products, such as Oracle/SqlServer/Datastax Enterprise commonly refer to at-rest encryption as Transparent Data Encryption (TDE), and I'm happy to stick with that convention, here, as well.

  was:
Some use cases require encrypting files at rest for certain compliance needs: the health­care industry (HIPAA regulations), the card payment industry (PCI DSS regulations) or the US government (FISMA regulations). File system encryption can be used in some situations, but does not solve all problems. 

I can foresee the following components needing at-rest encryption:
- sstables
- commit log (CASSANDRA-6018)
- indicies
- some systems tables (hints, batchlog, not sure if any others)
- row cache

The work for those items would be separate tickets, of course. I have a working version of most of the above components working in 2.0, which I need to ship in production now, but it's too late for the 2.0 branch and unclear for 2.1.

Other products, such as Oracle/SqlServer/Datastax Enterprise commonly refer to at-rest encryption as Transparent Data Encryption (TDE), and I'm happy to stick with that convention, here, as well.


> Add file-level encryption
> -------------------------
>
>                 Key: CASSANDRA-7922
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7922
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Jason Brown
>            Assignee: Jason Brown
>              Labels: encryption, security
>             Fix For: 3.x
>
>
> Umbrella ticket for file-level encryption
> Some use cases require encrypting files at rest for certain compliance needs: the health­care industry (HIPAA regulations), the card payment industry (PCI DSS regulations) or the US government (FISMA regulations). File system encryption can be used in some situations, but does not solve all problems. 
> I can foresee the following components needing at-rest encryption:
> - sstables (data, index, and summary files) (CASSANDRA-9633)
> - commit log (CASSANDRA-6018)
> - hints (CASSANDRA-11040)
> - some systems tables (batches, not sure if any others)
> - index/row cache
> - secondary indexes
> The work for those items would be separate tickets, of course. I have a working version of most of the above components working in 2.0, which I need to ship in production now, but it's too late for the 2.0 branch and unclear for 2.1.
> Other products, such as Oracle/SqlServer/Datastax Enterprise commonly refer to at-rest encryption as Transparent Data Encryption (TDE), and I'm happy to stick with that convention, here, as well.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)