The new Amazon Aurora database is now available, but I read it does not offer all of the features that regular MySQL databases do, and it doesn't have AWS Key Management System integration yet. How will this affect enterprise security, and should enterprises wait to adopt the technology?
Amazon Aurora is a highly scalable MySQL-compatible relational database. Aurora is designed to be compatible with MySQL 5.6, at least at lower levels, so drivers and applications that work with MySQL 5.6 should work with Aurora. Not all MySQL features are available in Aurora. For example, Aurora uses the InnoDB storage engine, but the MyISAM storage engine is not available.
The lack of managed encryption at rest is certainly going to limit Amazon Aurora's adoption. Any organization subject to regulations that require data encryption at rest will not be able to use Aurora unless it implements an application-based encryption process that ensures any data is encrypted before it is written to the database. This requires customers to manage keys as well as the encryption and decryption process.
Some organizations may prefer this option since they retain control over the keys. High-security organizations or those that manage confidential information on behalf of others may choose this route to mitigate the possibility of a disclosure. For example, if Amazon were subpoenaed to turn over a customer's data and did not have access to the encryption keys, then it could only turn over encrypted data.
Lack of encryption at rest is a significant drawback relative to other RDS databases. Every organization needs to weigh the benefits of design choices against the security risks those choices entail. The current version of Aurora will appeal to those that need the scalability of the new database more than they need managed encryption at rest. For those who need key management and encryption at rest, consider other RDS services.
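The application-based encryption process described above can be sketched as follows. This is an added example, not code from the article or from AWS; the `Keyring` type, the `Seal`/`Open` names, the `customers.ssn` column and the choice of AES-256-GCM are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Keyring (hypothetical): key ID -> 32-byte AES-256 key, held by the application, never the database.
type Keyring map[string][]byte

func (k Keyring) aead(keyID string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k[keyID]) // unknown ID yields a nil key, which NewCipher rejects
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce||ciphertext||tag for a binary column; store keyID beside it so keys can
// rotate. rowCtx is authenticated, so a value copied to another row or column will not open.
func (k Keyring) Seal(keyID, rowCtx string, plaintext []byte) ([]byte, error) {
	gcm, err := k.aead(keyID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(rowCtx)), nil
}

func (k Keyring) Open(keyID, rowCtx string, stored []byte) ([]byte, error) {
	gcm, err := k.aead(keyID)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(stored) < n {
		return nil, fmt.Errorf("stored value too short: %d bytes", len(stored))
	}
	return gcm.Open(nil, stored[:n], stored[n:], []byte(rowCtx))
}

func main() { // the all-zero key and the plaintext below are constructed demo values
	v, err := Keyring{"k1": make([]byte, 32)}.Seal("k1", "customers.ssn:42", []byte("constructed secret"))
	fmt.Printf("store %d bytes with key_id=k1 (err=%v)\n", len(v), err)
}
```

Columns protected this way are opaque to the database, so they cannot be indexed or filtered in SQL, and losing the keys means losing the data.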