Ensuring buyer awareness is paramount for companies of all sizes. The specter of regulation and severe consequences serves as a constant motivator for safety teams working to ensure sensitive information remains inaccessible to both external and internal parties without proper authorization.
Encryption plays a crucial role in enabling secure data transmission and storage. While Rockset utilizes proprietary encryption for client data, certain security organizations require more control over managing their key rotation schedules and possess an emergency ‘break glass’ contingency plan in place to swiftly respond to potential breaches. To enable this, Rockset’s data assortment capabilities can now be securely encrypted at rest with BYOK. Clients retain full control over the master key, while granting the Rockset AWS account permission to perform encryption and decryption operations using that key.
Configuring Buyer-Managed Encryption Keys
To ensure compatibility with this characteristic, clients should create an AWS Key Management Service (KMS) key. Once a group is established and tied to the shopper’s provided KMS key ARN, all subsequent collections within that group are automatically encrypted using that key without requiring further action. While the encryption key ARN cannot be modified once a group has been created, clients do have the option to opt-in to use the provided key.
In the absence of a clear objective, individuals often default to habits that undermine their well-being.
When created, Rockset organizations leveraging Buyer-Managed Encryption Keys function identically to any other Rockset group, with the sole difference being the encryption key employed to safeguard the stored data. Despite this, clients still retain the flexibility to toggle or modify the coverage settings for the provided KMS key. Disallowing access to the encryption key will prevent Rockset from encrypting new data or decrypting existing dataset information, potentially causing query and ingestion errors within minutes.
If Rockset rapidly regains access to the crucial information, queries and ingestion become available within minutes. Despite being unavailable for an extended period, if the KMS key remains inaccessible, it triggers a cascading effect: all collections within the affected group halt their operations, while concurrently, any in-transit data and cached contents are thoroughly cleared out. The integration does not permit Rockset to retrieve information about buyer assortments. Collections that remain paused due to key unavailability for an extended period of time risk becoming irretrievable.
For added insights on leveraging customer-managed encryption keys within your Rockset cluster, explore our comprehensive resources today.
