#PostGresSQL conf 2016: #DataSecurity
Posted on April 18th, 2016
04/18/2016 @ New York Marriott Brooklyn Bridge
Several morning presentations concentrated on data security. Secure data sharing has several conflicting goals including
- Encourage data sharing
- Restricting who can see the data and who can pass on the rights to see the data
- Integrity of the original data including verification of the sender/originator
- Making protection transparent to users
Traditional approaches have concentrated on encryption that cannot be broken by outsiders and schemes so users can validate content and ensure confidential data transmission.
The following additional approaches/ideas were discusses
- Create a system when the data are self-protecting
- Enforce encryption at the object or attribute level?
- No security system will be water tight (except no access), so one needs to understand what are the major threats and what are the best solutions and the tradeoffs. Who can you trust?
- Can control be extended beyond the context of the system?
- Hardware Security Modules may offer more security but the raw key cannot be exported and could be hacked by the OS
- The use of point-to-point security systems so data is only available when needed.
- Point-to-point key management systems offer the possibility of understanding the usage patterns to identify security breaches
The problem is not software, it is the requirements. One wants to trust the user as much as possible and not rely on the service provider. However, in big organization, one needs a recovery key since there is premium on recovering lost data.