Encryption increases the level of security in a digital environment.

Encryption protects sensitive data through encoding, so the data can only be accessed or decoded with a digital key. Encryption applies to both data at-rest and data in-transit.

Data at-rest, or data that is stored physically on a storage device such as a hard drive or cloud storage and not actively moving, is encrypted and digital keys are distributed to authorized users to decrypt it when needed.

Data en route between its source and its destination is known as data in-transit. End-to-end encryption utilizes protocols like Transparent Layer Security (TLS) to protect data in-transit. Each data transmitting session has a new digital key, which relies on proper authentication and can reduce the risk of unauthorized access.

CDP provides four different components for encryption solutions: Ranger KMS, Key Trustee Server, Key HSM, and Navigator Encrypt.

Ranger extends the Hadoop KMS functionality by allowing you to store keys in a secure database. The Key Trustee Server is a key manager that stores and manages cryptographic keys and other security artifacts. Key HSM allows the Key Trustee Server to seamlessly integrate with a hardware security module (HSM). Navigator Encrypt transparently encrypts and secures data at rest without requiring changes to your applications.

Figure 1. Encryption model demonstrating encryption at rest and in transit
Encryption model demonstrating encryption at rest and in transit