Noteworthy at Compose - Your databases and encryption

Published

This is your weekly summary of Compose news for those changes and updates which can make your life easier. In this edition, we talk about how to protect your own data, along with a look back at the week in Compose Articles.

Encryption

We get mail at Noteworthy and one recent mail asked: "Apart from TLS, what other encryption does Compose support?". It's a good question, especially as the GDPR deadline approaches, so let's look at Compose and Encryption.

Protecting your data

Because of the nature of a managed system, it is theoretically possible for operators to be able to see data in the various databases. For that reason, we do advise that where you are storing sensitive personal information, you encrypt it before storing it in the database. How you do this will depend on your application's language, framework and the database capabilities you are prepared to give up or engineer around to ensure the system continues to work.

For example, in this article we looked at encrypting fields using Ruby and Mongoid to implement symmetrical encryption on particular fields in a document. As another example, PostgreSQL users may want to look at the pgcrypto extension which adds cryptographic functions to the database itself.

These are examples are different approaches to the same issue, encrypting a field, one doing the encryption in the application, the other allowing an application to ask the database to do the encryption for it using an extension.

Encryption at Rest

If you have Compose Enterprise then your disk storage is protected by volume level encryption at rest on the servers.

If you don't have Compose Enterprise, then currently and generally, we do not have volume level encryption at rest on those servers. We are moving towards enabling encryption at rest on everything and will have a Noteworthy update on that progress by May 15th.

Compose Articles

In the past week of Compose Articles, we've looked at bulk uploading data into Elasticsearch and the latest news on database updates being released into the wild:

That's it for this week's Noteworthy at Compose. Onwards to next week!


Read more articles about Compose databases - use our Curated Collections Guide for articles on each database type. If you have any feedback about this or any other Compose article, drop the Compose Articles team a line at articles@compose.com. We're happy to hear from you.

Dj Walker-Morgan
Dj Walker-Morgan was Compose's resident Content Curator, and has been both a developer and writer since Apples came in II flavors and Commodores had Pets. Love this article? Head over to Dj Walker-Morgan’s author page to keep reading.

Conquer the Data Layer

Spend your time developing apps, not managing databases.