DataStax Academy FAQ

DataStax Academy migrated to a new learning management system (LMS) in July 2020. We are also moving to a new Cassandra Certification process so there are changes to exam bookings, voucher system and issuing of certificates.

Check out the Academy FAQ pages for answers to your questions:


question

srujana.rite@gmail.com avatar image
srujana.rite@gmail.com asked ·

How do I setup Vormetric Application Encryption with DSE?

Ho to enable ENABLE APP Level Encryption in spring data application using VAE when No SSL, No DB TDE

for client - to node encryption : Cassandra server side ssl disabled / No DB TDE - trying to have app level encryption enabled using Vormetric Application Encryption (VAE) in DataStax platform - can someone point me to a sample implemenation of the above scenario

dsesecurityvormetric
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered ·

The link you provided (http://www.vormetric.com/products/vormetric-application-encryption) appears to be obsolete. It might have something to do with Thales acquiring Vormetric a few years ago.

In any case, my understanding is that Vormetric Application Encryption provides a KMIP-compliant centralised key management solution among other things. Quoting the Thales website:

Vormetric Application Encryption delivers key management, signing, and encryption services enabling comprehensive protection of files, database fields, big data selections, or data in platform-as-a-service (PaaS) environments. ... Vormetric Application Encryption eliminates the time, complexity, and risk of developing and implementing an in-house encryption and key management solution while providing secure key management. Development options include a comprehensive, traditional software development kit for a wide range of languages and operating systems as well as a collection of RESTful APIs for the broadest platform support.

The last part of that quote about "development options" relates to you incorporating VAE's features in your application. That's up to you on how you implement that in your app since it doesn't have anything to do with the database.

As far as KMIP and a centralised key management service is concerned, the only aspect of DataStax Enterprise which allows you to use the service is to store encryption keys on a KMIP-compliant host for use with Transparent Data Encryption (TDE).

You've already mentioned that you are not using the TDE feature in DSE so you're left with implementing VAE within your application. Cheers!

Share
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.