Database encryption on cloud
Firstly, we need to distinguish different levels of data encryption.
- Contents of database are always under a very strong password. Above that the server is accessible only to verified personnel via secret SSH keys. This alone ensures that your data is safe from outside attackers.
- Additionally, we are occasionally asked about encryption of data "at rest", which may seem as a higher security level, but in fact, has a rather limited effect...
Encryption of data at rest
The added security value of this encryption level is to protect the data from physical theft. Which means it is very useful for mobile devices that have a realistic probability of being stolen. However, when it comes to Easy Cloud, the hard disks are placed in highly secure data centers with 24/7 surveilance and armed guards, thus absolutely minimizing the risk of physical theft.
To debunk a common misconception - encryption of data at rest does not provide additional protection from hackers, simply because during server uptime the data is not encrypted. Protection from hackers is ensured by point 1. mentioned above.
It slows down the application
On the other hand, encrypting data at rest has a significant disadvantage that it adds latency to all operations - it slows down the database by almost 10 %. In case of Easy Redmine, which is highly database influenced, this is noticeable for end users.
While encrypting data at rest is possible on private cloud, it is not recommended due to outwheighing of disadvantages over added value.