Register for the OpenStack Summit    Register Now

OpenStack Summit Presentations


"Encrypt. Everything. Everywhere."

By: Dustin Kirkland

72% of the 21 million health care records that have been compromised in the United States since September of 2009 should have been trivially protected using comprehensive encryption of the data before being written to disk.  See: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html.

A busy OpenStack compute node might spin up hundreds or thousands of instances per day.  Ephemeral, block, and object storage -- each and every one of these should always be encrypted before being written to the underlying physical media.  Multiple excellent file and disk encrpytion solutions exist in Linux, such as eCryptfs and dmcrypt.  With cryptographic co-processor acceleration (AES-NI) available on most modern CPUs, encryption is essentially "free""


Watch Presentation