Bringing Usable Crypto to 7 Million Developers

Monday, January 27, 2020 - 2:30 pm–3:00 pm

Kenn White, MongoDB

Abstract: 

Most databases in use today have an implicit central trust model—the idea being that system operators have full privilege to access and manage the information being processed in order to perform their work. This poses a problem in at least two particular cases: one, when the workload contains highly sensitive or confidential information, and two, when data are being processed and stored on third-party infrastructure such as a public cloud provider. In a central (or server-side) trust model, a live database breach or leak from publicly-exposed backups or logs can be catastrophic. One approach to protect both data-at-rest and data-in-use is client-side end-to-end encryption, in which sensitive data are encrypted at the application level before ever being sent to the server. Unfortunately, for mature modern databases, few options for native client-side encryption have existed for developers, particularly in the open-source world.

This talk will present lessons learned from nearly two years of engineering work spanning every major programming language, hardware platform, and operating system, to bring simple, usable authenticated encryption as a first-class citizen to the most widely deployed NoSQL database in the world. Insights from simple use cases of small stand-alone servers to some of the most demanding global distributed mission systems will be discussed. We'll review promising emerging cryptography and discuss the practical impact to developers and system designers.

Kenn White, MongoDB

Kenneth White is a security engineer whose work focuses on networks and global systems. He is co-founder and Director of the Open Crypto Audit Project and led formal security reviews on TrueCrypt and OpenSSL. He currently leads applied encryption engineering in MongoDB's global product group. He has directed R&D and security Ops in organizations ranging from startups to nonprofits to defense agencies to the Fortune 50. His work on applied signal analysis has been published in the Proceedings of the National Academy of Sciences. His work on network security and forensics has been cited by the Wall Street Journal, Reuters, Wired, and the BBC. He tweets about security, privacy, cryptography, and biscuits: @kennwhite.

BibTeX
@conference {244698,
author = {Kenn White},
title = {Bringing Usable Crypto to 7 Million Developers},
year = {2020},
address = {San Francisco, CA},
publisher = {USENIX Association},
month = jan
}
