Is Amazon Aurora's security strong enough for enterprises?

Without encryption for data at rest, is encrypting data in transit with Amazon Aurora enough, or is it worth waiting for AWS Key Management System integration?

The new Amazon Aurora database is now available, but I read it does not offer all of the features that regular MySQL databases do, and it doesn't have AWS Key Management System integration yet. How will this affect enterprise security, and should enterprises wait to adopt the technology?

Amazon Aurora is a highly scalable MySQL-compatible relational database. Aurora is designed to be compatible with MySQL 5.6, at least at lower levels, so drivers and applications that work with MySQL 5.6 should work with Aurora. Not all MySQL features are available in Aurora. For example, Aurora uses the InnoDB storage engine, but the MyISAM storage engine is not available.

From a security perspective, the lack of encryption at rest is perhaps the most salient gap. According to the AWS Aurora FAQ:

"Q: Does Amazon Aurora encrypt my data in transit and at rest?
Amazon Aurora uses SSL (AES-256) to secure data in transit. Encryption for data at rest will be available in a future release."

This is certainly going to limit Amazon Aurora's adoption. Any organization subject to regulations that require data encryption at rest will not be able to use Aurora unless they implement an application-based encryption process that ensures any data written to Aurora is encrypted prior to writing to the database. This requires customers to manage keys as well as the encryption and decryption process.

Some organizations may prefer this option since they retain control over the keys. High-security organizations or those that manage confidential information on behalf of others may choose this route to mitigate the possibility of a disclosure. For example, if Amazon were subpoenaed to turn over a customer's data and it does not have access to the encryption keys, then it could only turn over encrypted data.
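As an added illustration of the application-based encryption described above (not code from the original article or from AWS), this Go example encrypts a column value with AES-256-GCM before it is written to the database and keeps the keys in the application. The Keys type, the stored layout, the "table.column:pk" binding string and the sample values are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Keys maps a 1-byte key ID to a 32-byte AES-256 key held by the application, not the database.
type Keys map[byte][]byte
func (k Keys) aead(id byte) (cipher.AEAD, error) {
	if len(k[id]) != 32 {
		return nil, fmt.Errorf("key %d missing or not 32 bytes", id)
	}
	block, _ := aes.NewCipher(k[id]) // cannot fail: key length checked above
	return cipher.NewGCM(block)
}

// Seal returns keyID(1) || nonce(12) || ciphertext+tag, the value to store in a binary column.
func (k Keys) Seal(id byte, plaintext []byte, aad string) ([]byte, error) {
	g, err := k.aead(id)
	if err != nil {
		return nil, err
	}
	out := append([]byte{id}, make([]byte, 12)...)
	if _, err := rand.Read(out[1:]); err != nil { // fresh random nonce for every write
		return nil, err
	}
	// aad (here "table.column:pk") binds the value to its row so it cannot be moved to another.
	return g.Seal(out, out[1:13], plaintext, []byte(aad)), nil
}

// Open selects the key by the embedded ID, so rows written before a rotation still decrypt.
func (k Keys) Open(blob []byte, aad string) ([]byte, error) {
	if len(blob) < 29 { // 1-byte ID + 12-byte nonce + 16-byte tag
		return nil, fmt.Errorf("stored value too short: %d bytes", len(blob))
	}
	g, err := k.aead(blob[0])
	if err != nil {
		return nil, err
	}
	return g.Open(nil, blob[1:13], blob[13:], []byte(aad))
}

func main() { // constructed demo key and value
	keys := Keys{1: make([]byte, 32)}
	rand.Read(keys[1])
	fmt.Println(keys.Seal(1, []byte("123-45-6789"), "customers.ssn:42"))
}
```

The returned bytes go into a binary column such as VARBINARY or BLOB. Retired keys stay in the map for reads until every row written under them has been re-encrypted.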

Lack of encryption at rest is a significant drawback relative to other RDS databases. Every organization needs to weigh the benefits of design choices against the security risks those choices entail. The current version of Aurora will appeal to those that need the scalability of the new database more than they need managed encryption at rest. For those who need key management and encryption at rest, consider other RDS services.

This was last published in January 2016