Encryption at rest
Interested in people’s thoughts about encryption at rest in a datacentre environment.
There was a request for web hosting in a certain discussion group earlier today, and I noticed one of the respondents mentioned their web server encrypted content at rest.
I must admit, I’m in two minds about this. On one hand, yay, encryption (I’m a big advocate of encryption in general).
But on the other hand, in this environment, I’m not convinced it offers any appreciable benefit:
- The server needs to be able to decrypt the data, so it needs to have the passphrase in memory; if the server is compromised, the data is already exposed.
- The datacentre itself is (hopefully) already secure, so the physical aspect is somewhat moot.
The disadvantages with safe passphrase storage, however, are considerable:
- If the passphrase is stored locally (physical file on an unencrypted filesystem) then it’s really no better than no encryption at all.
- If the passphrase needs to be entered at a physical console (most secure, in theory), it would need an operator present whenever power is lost, or the server is rebooted, etc. etc., which means time to recovery (i.e. getting the server serving content again) could be way longer than most clients would find acceptable.
- If the passphrase can be entered at a remote console, then you’re relying on the server not having been compromised, otherwise keylogging software could quite easily capture the password as it’s entered. And it still extends recovery time if the passphrase needs entering by a human being after every restart (even remotely).
I think I’d take the view that provided your datacentre is a secure facility, encryption at rest for all but the most sensitive content is probably more of a hindrance than a help.
Interesting to hear others’ views on the topic.
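An added illustration from the editor, not part of the original post: the three attacker positions the bullets above argue about, modelled in Python with the server's disk as a path-to-bytes mapping. The cipher is HMAC-SHA256 in counter mode with an encrypt-then-MAC tag, a standard-library stand-in for the block cipher a real full-disk layer such as LUKS would use; the paths, the passphrase and the record contents are constructed sample values. Run it and the three scenarios come out as the post describes: an attacker with code on the running server decrypts with the key already in memory, a passphrase file beside the data hands an offline attacker the same result, and only an attacker holding the ciphertext alone gets nothing.

```python
"""Encryption at rest: which attacker position does it actually defeat?"""
import hashlib
import hmac
import secrets

SECRET_RECORD = b"customer: alice, card: 4111-XXXX-XXXX-1111"  # constructed sample data


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Passphrase -> 256-bit key; PBKDF2 stands in for the disk layer's KDF."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 50_000, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF keystream. Illustrative stand-in
    # for the block cipher real disk encryption uses, chosen only so this
    # script needs nothing beyond the standard library.
    blocks = [
        hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; layout is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


def build_disk(passphrase: str, key_file_on_disk: bool) -> dict:
    """Model the server's disk as path -> bytes. Paths are hypothetical."""
    salt = secrets.token_bytes(16)
    key = derive_key(passphrase, salt)
    disk = {
        "/boot/luks.salt": salt,                     # header material, not secret
        "/data/customers.db": seal(key, SECRET_RECORD),
    }
    if key_file_on_disk:
        # The "passphrase stored locally on an unencrypted filesystem" option.
        disk["/etc/keys/disk.key"] = passphrase.encode()
    return disk


def offline_attacker(disk: dict):
    """Attacker holding only a disk image (stolen or decommissioned drive)."""
    key_file = disk.get("/etc/keys/disk.key")
    if key_file is None:
        return None  # ciphertext alone: nothing to work with
    key = derive_key(key_file.decode(), disk["/boot/luks.salt"])
    return unseal(key, disk["/data/customers.db"])


def compromised_server(disk: dict, key_in_memory: bytes) -> bytes:
    """Attacker with code execution on the running server: the key is already loaded."""
    return unseal(key_in_memory, disk["/data/customers.db"])


if __name__ == "__main__":
    # Passphrase typed at the console after boot: the key lives only in RAM.
    disk = build_disk("correct horse battery", key_file_on_disk=False)
    key = derive_key("correct horse battery", disk["/boot/luks.salt"])
    print("offline, no key file :", offline_attacker(disk))
    print("running server       :", compromised_server(disk, key))
    # Same setup, but the passphrase is saved next to the data for unattended boot.
    print("offline, key file    :", offline_attacker(build_disk("correct horse battery", True)))
```

The `offline_attacker` function is the one place where the "secure datacentre" assumption matters: it is the only scenario in which the encryption changes the outcome, and a co-located key file removes even that.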