
What are the benefits of encrypting an AWS RDS instance?

If we have a MySQL RDS instance in AWS which can only be accessed from the EC2 instances in the private subnet, is there any benefit in encrypting it from a security point of view (using default RDS encryption)? The only way somebody can access the DB is by getting inside the private subnet of AWS, and in that case encrypting or not encrypting does not help, as the hacker can access the data from the EC2 instance anyway. The only difference it would make is that with encrypted RDS it will take him more time to dump the data and copy it somewhere else for his use. Otherwise, what are the other benefits of having a private RDS instance encrypted? Assume the only backups of the DB are in AWS itself, using its default DB instance backup, so nobody can access the data directly from DB backups either.

Rahul asked Jun 29 '15 12:06


1 Answer

Defense in depth is one great reason to do this. Are you 100% certain that accessing the database from EC2 is the only way a person can get this database in their possession? (The answer should be no.)

Full database encryption causes minimal performance degradation; it's not nearly as bad as encrypting individual fields, which can cause 5-6% slower read/write times on an encrypted column.

Bryan Batty answered Oct 19 '22 04:10
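
An added example, not part of the question or answer above: a check that flags RDS instances and snapshots stored without encryption at rest, which covers the backup copies the question mentions as well as the instance itself. The field names follow the RDS `DescribeDBInstances` and `DescribeDBSnapshots` response shapes; the sample records and the function name `audit_encryption` are constructed for illustration.

```python
# Added example: audit RDS encryption-at-rest from API response data.
# Field names follow the RDS DescribeDBInstances / DescribeDBSnapshots
# responses; the sample records below are constructed for illustration.

SAMPLE_INSTANCES = {"DBInstances": [
    {"DBInstanceIdentifier": "orders-db", "Engine": "mysql",
     "StorageEncrypted": False, "PubliclyAccessible": False},
    {"DBInstanceIdentifier": "users-db", "Engine": "mysql",
     "StorageEncrypted": True, "KmsKeyId": "arn:aws:kms:EXAMPLE",
     "PubliclyAccessible": False},
]}

SAMPLE_SNAPSHOTS = {"DBSnapshots": [
    {"DBSnapshotIdentifier": "rds:orders-db-2015-06-29",
     "DBInstanceIdentifier": "orders-db", "SnapshotType": "automated",
     "Encrypted": False},
    {"DBSnapshotIdentifier": "orders-db-manual-copy",
     "DBInstanceIdentifier": "orders-db", "SnapshotType": "manual",
     "Encrypted": False},
    {"DBSnapshotIdentifier": "rds:users-db-2015-06-29",
     "DBInstanceIdentifier": "users-db", "SnapshotType": "automated",
     "Encrypted": True},
]}


def audit_encryption(instances, snapshots):
    """Return findings for data stored without encryption at rest."""
    findings = []
    for db in instances.get("DBInstances", []):
        # Treat a missing flag as unencrypted (fail closed).
        if not db.get("StorageEncrypted", False):
            findings.append(("instance", db["DBInstanceIdentifier"],
                             "storage not encrypted"))
    for snap in snapshots.get("DBSnapshots", []):
        if not snap.get("Encrypted", False):
            # Snapshots are copies of the data held outside the instance;
            # manual ones persist after the instance is deleted.
            kind = snap.get("SnapshotType", "unknown")
            findings.append(("snapshot", snap["DBSnapshotIdentifier"],
                             f"{kind} snapshot not encrypted"))
    return findings


if __name__ == "__main__":
    for kind, name, issue in audit_encryption(SAMPLE_INSTANCES, SAMPLE_SNAPSHOTS):
        print(f"{kind:9} {name:28} {issue}")
```

With live data, the two dictionaries would come from boto3's `describe_db_instances()` and `describe_db_snapshots()` on an RDS client.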