
Is it possible to use different encryption for different databases inside of a single Redshift?

In other words, I mean that in the case (a theoretical case), for example, of a stolen hard drive from an AWS data center, hackers will be unable to decrypt all databases on this drive with the same key?

alexanoid

1 Answer


It appears that:

  • Each data block on disk is encrypted with a different encryption key
  • Those encryption keys are then encrypted using a Database Encryption Key
  • That key is encrypted with a Cluster Encryption Key
  • That key is encrypted in AWS KMS with an encryption key specifically for Redshift in your account (as opposed to EC2, etc)

See: Amazon Redshift Database Encryption

John Rotenstein
  • Thanks for your answer. Right now I'm choosing, for a multi-tenant solution, between tenant per database or tenant per schema. It looks like tenant per schema is a less secure approach for data at rest because all data keys will be encrypted with the same database encryption key instead of different database encryption keys as in the case of the tenant per database approach? – alexanoid Jul 02 '19 at 06:21
  • Every single disk block is encrypted with a different key. Each block holds 1MB of data. So, a 100MB database would involve _at least_ 100 different encryption keys. These 100+ encryption keys are then encrypted with a Database Encryption Key before being stored. – John Rotenstein Jul 02 '19 at 06:39
  • Thanks. So in other words — tenant per schema is a less secure approach vs tenant per database but still pretty solidly secured in general and can also be used as a multi-tenant solution? – alexanoid Jul 02 '19 at 06:44
  • I'd say _anything_ stored in Redshift is equally secure, from an "encryption-at-rest" standpoint. Ignoring encryption-at-rest, "tenant per schema" is less secure than "tenant per database" because it is possible that a badly configured `GRANT` permission could expose data to the wrong tenant. This is true for any database, not just Redshift. Of course, you should never give your customers direct access to a database, so it really comes down to whether your app is correctly coded to manage security. – John Rotenstein Jul 02 '19 at 06:54
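The four-level chain the answer lists (block key, database encryption key, cluster encryption key, KMS key), as an added toy model that is not Redshift's or AWS's code: a stdlib-only HMAC-based encrypt-then-MAC stands in for the real AES-GCM-style cipher, an in-memory 32-byte value stands in for the KMS key, and the "disk image" dict and sample tenant rows are constructed here. Reading the image back with any key other than the root fails at the very first unwrap, which is the whole reason a stolen drive is useless regardless of whether tenants are split by database or by schema.

```python
import hmac
import os
from hashlib import sha256

def _keystream(ek, nonce, n):
    # Counter-mode keystream from an HMAC PRF; toy stand-in for a block cipher.
    chunks = (hmac.new(ek, nonce + i.to_bytes(4, "big"), sha256).digest() for i in range((n + 31) // 32))
    return b"".join(chunks)[:n]

def wrap(key, msg):
    """Encrypt-then-MAC under a random nonce; stdlib stand-in for an AEAD such as AES-GCM."""
    ek, mk = (hmac.new(key, t, sha256).digest() for t in (b"enc", b"mac"))  # separate subkeys
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(ek, nonce, len(msg))))
    return nonce + ct + hmac.new(mk, nonce + ct, sha256).digest()

def unwrap(key, blob):
    """Reverse of wrap; a wrong key fails the tag check instead of yielding garbage."""
    ek, mk = (hmac.new(key, t, sha256).digest() for t in (b"enc", b"mac"))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(ek, nonce, len(ct))))

def write_blocks(kms_root, blocks):
    """Build what sits on disk: ciphertexts plus every key in wrapped form. The root is never written."""
    cek, dek = os.urandom(32), os.urandom(32)  # cluster and database encryption keys
    image = {"wrapped_cek": wrap(kms_root, cek), "wrapped_dek": wrap(cek, dek), "blocks": []}
    for pt in blocks:
        bk = os.urandom(32)  # fresh key per data block, as the answer describes
        image["blocks"].append((wrap(dek, bk), wrap(bk, pt)))
    return image

def read_blocks(kms_root, image):
    """Walk the chain down from the root key; without it the first unwrap already fails."""
    cek = unwrap(kms_root, image["wrapped_cek"])
    dek = unwrap(cek, image["wrapped_dek"])
    return [unwrap(unwrap(dek, wbk), ct) for wbk, ct in image["blocks"]]

def demo(root=b"\x01" * 32):
    """Round trip, count distinct wrapped block keys, then read the image with a wrong root."""
    blocks = [b"tenant_a rows", b"tenant_b rows", b"tenant_c rows"]  # constructed sample data
    image = write_blocks(root, blocks)
    try:
        read_blocks(b"\x02" * 32, image)  # attacker holds the disk but not the KMS key
        rejected = False
    except ValueError:
        rejected = True
    return read_blocks(root, image) == blocks, len({w for w, _ in image["blocks"]}), rejected
```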