Current setup is one standalone server with disk mount on NetApp. PostgreSQL version: 9.4

Goal: Data should be protected from access by other sources. Scenario: One of the NetApp admins mounts the Postgres LUN to another server.

One option is to store the data locally, but then it is limited by capacity (and costly). The second option is to encrypt the data.

Since a 3rd party is generating the data, we can't touch the schema and add a crypt function on the sensitive fields. The tables are also too dynamic.

What would be the best (easy to implement, least impact on performance) option to implement from the suggested standard options?

Would you recommend other options like SafeNet or Cybertec?

After reading this blog, I tend to think that file-system-level encryption might be the best solution. Is it?

Liran
  • Solution: Induct the NetApp admin into your trusted circle. Contracts with NDA and confidentiality requirements, background checks & references, insurance. – Ben May 01 '18 at 08:06

1 Answer

This is not really a technical problem, it is a legal problem.

Solution: Induct the NetApp admin into your trusted circle. Contracts with NDA and confidentiality requirements, background checks & references, insurance.

You cannot protect data from your technical staff because they need access to it for e.g. disaster recovery.

You can however reduce the trusted circle somewhat using technical measures. For data-at-rest encryption, an encrypted filesystem is generally the best solution - Just don't lose the keys.

Ben
  • Wrong. Not all technical staff should have access to sensitive data. No reason NetApp admins should see the sensitive data. – Liran May 01 '18 at 08:22
  • Who said "all"? Not me. "You can however reduce the trusted circle somewhat using technical measures" – Ben May 01 '18 at 08:23
  • Remember however, that whoever has the power to backup, restore and reboot the machine necessarily has access to the encryption keys, because they are required to restart the service. The only way to avoid this is to require an "ignition key" to be provided by someone else. And even here you have a man-in-the-middle issue where the admin can steal your keys by compromising the ignition key mechanism. – Ben May 01 '18 at 08:27
  • Thanks for your response. Staff aside, if NetApp is not secured enough and I must protect the data, which of the methods would you recommend? File-system-level encryption, the SafeNet solution, or anything else? – Liran May 01 '18 at 10:41
  • "For data-at-rest encryption, an encrypted filesystem is generally the best solution - Just don't lose the keys." – Ben May 01 '18 at 11:13
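
A check for the setup the answer recommends, as an added example that is not part of the original thread: it assumes the encrypted filesystem is a Linux dm-crypt/LUKS mapping on the NetApp LUN and reads constructed `lsblk -J -o NAME,TYPE,MOUNTPOINT` output; the device names, paths and function names are hypothetical. It flags a data directory that is not on an encrypted mapping and a key file that would travel with the LUN if it were mounted on another server.

```python
import json

# Constructed sample of `lsblk -J -o NAME,TYPE,MOUNTPOINT` output (not from the thread).
# Assumption: sda is the server's local disk, sdb is the NetApp LUN carrying a
# dm-crypt mapping, sdc is a second LUN mounted without encryption.
SAMPLE_LSBLK = json.loads("""
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/"}]},
  {"name": "sdb", "type": "disk", "mountpoint": null, "children": [
    {"name": "pgdata_crypt", "type": "crypt", "mountpoint": "/var/lib/pgsql"}]},
  {"name": "sdc", "type": "disk", "mountpoint": "/srv/plain", "children": []}
]}
""")

def _walk(devices, chain=()):
    """Yield (device, ancestors) for every node of the lsblk tree."""
    for dev in devices:
        yield dev, chain
        yield from _walk(dev.get("children") or [], chain + (dev,))

def backing_chain(lsblk, path):
    """Device stack (root disk first) behind the longest mountpoint containing path."""
    best, best_len = (), -1
    for dev, chain in _walk(lsblk["blockdevices"]):
        mountpoint = dev.get("mountpoint")
        if not mountpoint:
            continue
        prefix = mountpoint.rstrip("/") + "/"
        if (path + "/").startswith(prefix) and len(prefix) > best_len:
            best, best_len = chain + (dev,), len(prefix)
    return best

def audit(lsblk, data_dir, key_file):
    """Return findings for the 'LUN mounted on another server' scenario."""
    data = backing_chain(lsblk, data_dir)
    key = backing_chain(lsblk, key_file)
    findings = []
    # Without a crypt layer the LUN is readable wherever it is mounted.
    if not any(dev["type"] == "crypt" for dev in data):
        findings.append("data directory is not on a dm-crypt mapping")
    # A key stored on the same disk moves together with the LUN.
    if data and key and data[0]["name"] == key[0]["name"]:
        findings.append("key file sits on the same disk as the data")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_LSBLK, "/var/lib/pgsql/9.4/data", "/etc/pgkeys/pgdata.key"))
```

An empty list means neither condition was found; it says nothing about who can read the key on the database server itself, which is the limit raised in the comments above.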