Coming to PostgreSQL: On-disk database encryption

Re: why?

Every cloud thing is encrypted out of an abundance of fear. Considering AWS, where most of my experience is, you have the option of either using the default account key or your own per-instance KMS key for disk (ref: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/data-protection.html). The caveat here is that if someone gets access to your whole account, through IAM credential compromise or IAM permission stupidity, then they can access your data - just like if they root your box through SQL injection.

EC2 instances, in particular, are virtual machines. You can format virtual disks as you would any disk, use any filesystem (ext4, btrfs, zfs) that you like, and enable any (additional) encryption that you would like. RDS (managed database without a virtual machine) instances have a separate encryption flag to use your own key for at-rest encryption - but as always with anything aws, your data is never clear-text on disk.

All of this "extra" encryption is just multi-layer encryption - physical disk, logical disk, filesystem, now application layer - where no single layer of modern encryption has been compromised. Permissions, maybe - but it's usually the application layer that is compromised by external bugs, which fells all higher layers all at once. (Application layer and probably filesystem-layer encryption might save you if you set your permissions badly, where probably virtual-layer encryption will not.) All of the additional layers of encryption is yet-more compute overhead for data use -- power, latency, compute. (FWIW, modern encryption processing gets to - I read recently - 0.16 cycles per byte, with AVX-512 parallelization of PCLMUL(??) instructions.)

Re: why?

Two alternative answers.

1. Without seeing the exact details I suspect this encryption includes everything between the client and the storage medium. If that's the case it provided protection over and above what the network may already provide (on-prem that might well be nothing) so that it can't be observed by an eavesdropper or queried by anyone without an encryption key.

2. The cynical answer: it ticks another box on the ISO9000 inspired checklist.

Re: why?

If I get access to your server, I'm seeing every file there,

Secure database systems are what I do, and it is this exactly. I have worked on systems where PCI DSS is the minimum requirements, and data is generally much more sensitive that that.

Encrypted mounts only protect you until it is mounted. Then, anyone with access to login can take your data. TDE, while not the ultimate in DB encryption, means they have to get access to your database system as well to get unencrypted data. Most TDE integrations also encrypt your backup files.

If your data is worth keeping, you should be using TDE.

My first thought on seeing this article is; finally.

Re: why?

Also, there may be users with legitimate access to the disk but who should have no access to the data, or even the underlying files of the database system.

Re: why?

It's not storage encryption vs TDE, at least for performance reasons. They are different levels of security. I have worked for large corporations that were not comfortable with disk encryption, worrying that they might not be able to rebuild systems after a disaster. That is probably old thinking, but it still exists with corporate decision makers.

I remember when we first got the requirement to deploy TDE on SQL Server. There was a lot of concern over performance, so we did extensive testing. We were surprised that server load was negligible during the initial encryption and not measurable during day-to-day operations on a high volume transactional database.

I think if individual tables / fields were encrypted then it might but there would are all kinds of weird corner cases to think about, like full text search, GIN indexing and other weirdness.

Column level encryption only gets implemented on new systems or during a serious upgrade because it requires the application to be redesigned to encrypt/decrypt. Along with a full system outage while the app is upgraded at the same time the database is converted. And it's not just full text searches, it's all searches and indexes become difficult to impossible to implement. As far as table encryption, I haven't seen a use case where encrypting a whole table provides any benefit over TDE. Encryption is usually driven by specific column values, like SSN or cardholder data.

Re: Marketing?

> Would you leave your doors unlocked because you have security cameras?

Apples and oranges. Do you chain your TV to your wall, lock your kitchen drawers and cabinets, and your dresser, even while having locks on your doors?

No. That's absurd.

If someone is phished, if there is a logic error in the application, then the attacker has access -- it doesn't matter how many times things are encrypted. How often is it that an attacker exploits an OS-level vulnerability and gets shell access, without the ability to read API keys, without the ability to read application memory, and clearly that is not root and thus without the ability to read data straight off the disks - but still can read all data everywhere? The question makes you go - what?

The premise is absurd.