One of the best parts of the perf SLA is we did it with all Data Encrypted at Re... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		voellm on May 11, 2017 \| parent \| context \| favorite \| on: Azure Cosmos DB, a globally distributed database One of the best parts of the perf SLA is we did it with all Data Encrypted at Rest. I'm biased. I lead security for CosmosDB.

sargun on May 11, 2017 [–]

Why is encryption at rest difficult? I presume it's all AES (hardware accelerated), with some key derived at system boot time?

Are y'all doing encryption in the D/C, or just on the WAN? If you're doing it on the WAN, any luck using MACSEC?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact