0

As an example, I am planning to host a Redis database with persistence on a server. To protect the data on the disk, I think, I have two options: A) Do read/write operations via an encryption layer. B) Apply Full Disk Encryption (FDE) and let Redis to read/write as usual.

What are the pros and cons of the both the approaches above? What factors should I consider?

There seems to be some similarity here Database encryption or application level encryption? It is about db and application level encryption; but, my question is about the disk and an application (such as a db) level.

Community
  • 1
  • 1
cogitoergosum
  • 2,309
  • 4
  • 38
  • 62
  • 2
    It also depends what scenarios you're trying to protect against. – Thijs van Dien Nov 18 '14 at 01:07
  • @iThink well, wouldn't Redis (or any other application) incur an overhead while implementing a encryption solution? In some cases, the software vendor may even apply steeper charges for utilizing encryption features. What if the software vendor insisted on cryptographic hardware for their encryption solution? – cogitoergosum Nov 18 '14 at 01:46
  • @ThijsvanDien Basically, similar to laptops; that is, even if the disk is stolen, the data couldn't be retrieved because the full disk is encrypted. (Or, am I being too naive? ) – cogitoergosum Nov 18 '14 at 01:48
  • I think it really depends on how valuable to you your data is - is it worth hard disk encyrption? Are your harddisks at risk of being stolen? Application encryption may be enough. I have no idea if Redis would incur an overhead. I would first assess exactly what you need before you decide on what you want. – Josh Nov 18 '14 at 01:58
  • Apart from value of the data, the one other parameter I am looking at is the ease of application development and minimizing any other installation overheads. If I had FDE in place, then (I am guessing) applications needn't change as the protection is offered by the disk itself. – cogitoergosum Nov 18 '14 at 08:57
  • Yes, if you're only trying to protect against the case of a stolen hard drive, full disk encryption makes more sense; simpler and effective. But that won't help you whenever someone manages to access the disk through a running system. – Thijs van Dien Nov 18 '14 at 16:14
  • Thijsvandien, the last sentence...how do you mean? – cogitoergosum Nov 18 '14 at 16:46

0 Answers0