Invariably, when you start migrating to the cloud you'll find you need to encrypt some or all of the data you store there. Apart from the performance hit, this seems easy, right?
Except when you start to think about how you are going to manage the keys used to encrypt and decrypt it.
Because your data and your business logic (app servers) are no longer under your control, you can't just leave your keys on your app server (EC2) instances: if an attacker compromises an instance, they get the data keys sitting on it, and with them your data. The same is true in a normal in-house environment, but at least there you can trust the people who run your data center, or at least there is direct accountability: you can fire them or pursue them legally. If an AWS employee in Tokyo, for example, goes rogue, what is your recourse?
So your data encryption keys THEMSELVES need to be encrypted, under a separate key. OK, not a big deal.
But now where do you store the "master" keys that decrypt the data keys . . . . and so on. Maybe you store the master keys in your non-cloud environment and call out from EC2 to fetch them, but now whatever credential the instance uses to make that call is itself sitting on the instance, and a compromised instance can make the same call. So far I haven't heard a good architectural solution (barring something like human-based two-factor authentication every time an EC2 instance starts up? But then your auto-scaling is hosed).
Anyone have any ideas, or seen any workable, reasonable solutions?
3 comments:
Rather than polling for keys from your EC2 instance, why not have a manager daemon running on your private network that monitors the state of your EC2 instances using the EC2 API?
If an instance reboots or is spun up, the instance can defer mounting your encrypted data. The manager then detects that a new instance is ready, logs on, and injects the private key into whatever control process is running on that instance.
This way your keys are only ever held in memory on your instances (which is as good as you're going to get, I suspect), and you can still scale automatically.
Cool, I like it. As you are calling from a more "trusted" environment (your data center) into a less "trusted" environment (the cloud), you have a bit more control. As you said, it's probably the best you can get.
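The envelope scheme from the post (data encrypted under a per-object data key, the data key wrapped under a master key) together with the inject-after-boot pattern from the comment above, as an added example in Go; it is not code from the original post or from either commenter. It assumes AES-256-GCM for both layers and a 32-byte master key, and it stands an in-process Instance type in for the control process on the node; the manager's own side (polling the EC2 API, logging on) is outside the block and is represented only by the Inject call. The record in main is a constructed sample.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Envelope is all that touches the instance's (untrusted) disk; the master key never does.
type Envelope struct {
	WrappedDataKey []byte // per-object data key sealed with AES-256-GCM under the master key
	Ciphertext     []byte // data sealed with AES-256-GCM under the data key
}

var ErrLocked = errors.New("instance locked: no master key has been injected")

// AES-GCM helpers: gcmSeal prepends the random nonce, gcmOpen strips it and authenticates.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func gcmSeal(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

func gcmOpen(key, sealed []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	return aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], nil)
}

// Seal draws a fresh data key, encrypts the data under it, then wraps that key under the master key.
func Seal(masterKey, plaintext []byte) (Envelope, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return Envelope{}, err
	}
	ct, err := gcmSeal(dataKey, plaintext)
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := gcmSeal(masterKey, dataKey)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{WrappedDataKey: wrapped, Ciphertext: ct}, nil
}

// Instance models the control process on an EC2 node: it boots with no key, fails closed
// until the manager injects one, and holds that key only in memory (add a mutex if concurrent).
type Instance struct {
	masterKey []byte
}

// Inject is the manager's call over its own authenticated channel once the EC2 API shows the node up.
func (in *Instance) Inject(masterKey []byte) error {
	if len(masterKey) != 32 {
		return errors.New("master key must be 32 bytes")
	}
	in.masterKey = append([]byte(nil), masterKey...) // copied into RAM; nothing written to disk
	return nil
}

// Open is the deferred "mount": refuse until a key is present, then unwrap the data key and decrypt.
func (in *Instance) Open(env Envelope) ([]byte, error) {
	if in.masterKey == nil {
		return nil, ErrLocked
	}
	dataKey, err := gcmOpen(in.masterKey, env.WrappedDataKey)
	if err != nil {
		return nil, err // wrong master key or tampered blob fails here, never yields garbage
	}
	return gcmOpen(dataKey, env.Ciphertext)
}

func main() {
	master := make([]byte, 32) // constructed; in practice it lives only on the private network
	rand.Read(master)
	env, _ := Seal(master, []byte("customer records (constructed sample)"))
	node := &Instance{}
	_, before := node.Open(env)
	node.Inject(master)
	after, _ := node.Open(env)
	fmt.Printf("before injection: %v\nafter injection: %s\n", before, after)
}
```

The first Open fails with ErrLocked and the second returns the record. Because the master key only ever wraps the small data key, rotating it means re-wrapping WrappedDataKey while Ciphertext is left untouched, and because the wrapped data key is authenticated, a wrong master key or a modified blob fails at the unwrap step instead of decrypting to garbage.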