I know the importance of security and am quite fanatical about having proper security practices and aiming towards zero trust policies anywhere possible. I still managed to pick up a few new things, including considering anew the security implications of cloud-based hosting.
The most striking question that Mike brought up, and which gave me pause, was about virtual images. Hosting on AWS is extremely popular, and users have the perception of having a dedicated server. Most of my attention when thinking about security before went to security within the server (data architecture and encryption of data in the database) rather than security of the overall server image. Mike brought up the scenario of your AWS image, a virtual machine sitting somewhere in memory and on disk, and an engineer somewhere having access to that virtual image and being able to do anything with it. How do you protect yourself in that scenario? From that perspective, it became obvious that end-to-end security, and zero trust even of the (virtualized) hardware layer, is important.
During the talk, Mike spoke about encrypting data within MySQL, PostgreSQL, Drizzle, and NoSQL databases Cassandra and MongoDB. Mike is Director of Products at Gazzang and prior to that, he was one of the senior product managers for MySQL both under Sun Microsystems and Oracle. He clearly knew his stuff.
Below are my notes from the talk.
1. There are huge security risks out there. A newly spun-up AWS instance will see attack attempts within minutes.
2. Non-obvious things that are important to protect:
- DB config files, log files, data directory
- Application source code
- Linux firewall
- AES 256, SHA 256, RSA
- Cloud provider's firewall and security
- Encrypted cloud storage
- Encrypted file system
- Access control restrictions
- In database (less ideal)
- OS kernel key ring
- Outside database
6. Database encryption functions for data at rest, with keys held in an external key store.
7. Gazzang's product is ezNcrypt. How they solve it:
- On disk seamless encryption
- Keys stored outside DB
- Provide secure environment to run MySQL, Apache, PHP
- Handle ACLs
- Towards zero trust
9. Gazzang is built on top of eCryptfs
- They added key management and access controls
- All files are AES-encrypted, so stolen files (e.g. if AWS were compromised) are worthless
- Performance cost of encryption: a 1% hit on transactions per second and latency.
- A single passphrase and salt, or an RSA key, for the system
- Each file is encrypted with its own separate key, which the master key unlocks. This allows the master key to be changed without re-encrypting all data (that's smart).
- Their product can also be used to do PHP and Perl encryption.