Big news from the AWS team today. EBS volumes now support encryption at rest.
Many of Blumetech's clients have been worried about security when migrating to AWS. Specifically, if their data is stored in clear text on the disk, what is to prevent Amazon from reading the data? There are third-party solutions available to encrypt data on disk at rest. The best-known company for this functionality is SafeNet. However, SafeNet is expensive and difficult to implement and maintain, and it requires a high degree of domain-specific knowledge.
The new built-in AWS feature is much easier to use: enabling encryption is a simple checkbox when creating an EBS volume. Encryption is done using your private keys, so no one but you has access to the data.
There is always some performance hit from data-at-rest encryption, because there is additional I/O to encrypt and decrypt the data with each write and read. No word yet on what that penalty is. For most on-disk encryption technologies it is usually a 10% performance hit.
More details can be found at http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html