Protecting sensitive data in DynamoDB with searchable encryption
As architects, we treat data security as a non-negotiable attribute of our solution designs. The traditional go-to technique to protect data is to build layers of controls around sensitive data. But there is always a constraint: sensitive data must be stored in plaintext. Why don’t we encrypt it? Because once it is encrypted, we can’t use it.
But what if we could encrypt it and perform range, match, and unique queries without ever decrypting it? This would allow us to exceed the design principles of the Security Pillar and protect data in transit, at rest, and in use.
This isn't a hypothetical — it's something you can do today in DynamoDB and PostgreSQL.
In this talk you will learn:
- Why traditional encryption doesn’t give you the security outcomes you think it does
- What searchable encryption is, and how it works in DynamoDB (and PostgreSQL)
- How to use unique keys for every value you encrypt, while keeping your workloads fast and reliable