Vol. 2 No. 2 (2022): African Journal of Artificial Intelligence and Sustainable Development
Articles

Data Encryption Techniques for Sensitive Applications in Amazon EKS

PDF
  • Babulal Shaik,
  • Srikanth Bandi,
  • Sai Charith Daggupati
Babulal Shaik
Cloud Solutions Architect at Amazon Web Services, USA
Srikanth Bandi
Software Engineer at JP Morgan chase, USA
Sai Charith Daggupati
Sr. IT BSA (Data systems) at CF Industries, USA
Cover

Published 18-07-2022

Keywords

  • Amazon EKS,
  • data encryption,
  • cloud security
Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

How to Cite

[1]
Babulal Shaik, Srikanth Bandi, and Sai Charith Daggupati, “Data Encryption Techniques for Sensitive Applications in Amazon EKS ”, African J. of Artificial Int. and Sust. Dev., vol. 2, no. 2, pp. 419–440, Jul. 2022, Accessed: Dec. 28, 2024. [Online]. Available: https://africansciencegroup.com/index.php/AJAISD/article/view/221

Abstract

Data security is crucial in safeguarding sensitive applications, particularly as businesses move their workloads to cloud platforms. With the rise of containerized environments, Amazon Elastic Kubernetes Service (EKS) has become a widely adopted solution for managing applications at scale. However, securing the data within EKS clusters requires thoughtful implementation of encryption strategies to protect sensitive information. This article explores the various encryption techniques that can be applied to sensitive workloads running on Amazon EKS, focusing on data at rest and in transit. It begins by examining the security features of EKS, including the use of encryption for Amazon Elastic Block Store (EBS) volumes, Amazon S3 buckets, & other persistent storage services that store application data. These layers of encryption ensure that even if unauthorized access occurs, the data remains unreadable and secure. In addition to infrastructure-level encryption, the article delves into encrypting data within Kubernetes clusters, where securing communication between containers and applications is just as critical. Kubernetes supports transport layer security (TLS) to ensure that data exchanged between services remains encrypted during transit, reducing the risk of man-in-the-middle attacks. Best practices for encryption key management are also covered, as they play a key role in maintaining the security of encrypted data. Effective key management ensures that encryption keys are rotated regularly and stored securely to minimize the risk of compromise. The article provides insights into leveraging AWS Key Management Service (KMS) for managing encryption keys, along with advice on configuring & automating encryption tasks within Kubernetes environments. Beyond encryption, ensuring the integrity and confidentiality of data also involves monitoring and auditing access to sensitive information. The article discusses various tools and strategies for monitoring EKS workloads, detecting security vulnerabilities, and addressing potential breaches. By following the outlined encryption best practices and leveraging the right security tools, organizations can significantly strengthen the protection of sensitive applications running in Amazon EKS, achieving compliance and reducing the risk of data breaches in the cloud.

PDF

Downloads

Download data is not yet available.

References

  1. Sanka, S., Hota, C., & Rajarajan, M. (2010, December). Secure data access in cloud computing. In 2010 IEEE 4th International Conference on Internet Multimedia Services Architecture and Application (pp. 1-6). IEEE.
  2. Hota, C., Sanka, S., Rajarajan, M., & Nair, S. K. (2011). Capability-based cryptographic data access control in cloud computing. International Journal of Advanced Networking and Applications, 3(3), 1152-1161.
  3. Jurvanen, K. J. (2021). Using AWS Secrets Manager with Kubernetes.
  4. Koletka, R., & Hutchison, A. (2011, August). An architecture for secure searchable cloud storage. In 2011 Information Security for South Africa (pp. 1-7). IEEE.
  5. Kaaniche, N., & Laurent, M. (2017). Data security and privacy preservation in cloud storage environments based on cryptographic mechanisms. Computer Communications, 111, 120-141.
  6. Krishna, S. R., & Rani, B. P. (2013). Security Enhancement through Fine Grained Access Control in Cloud Computing. International Journal of Advanced Research in Computer Science, 4(11).
  7. Tysowski, P. K., & Hasan, M. A. (2013, January). Cloud-hosted key sharing towards secure and scalable mobile applications in clouds. In 2013 International Conference on Computing, Networking and Communications (ICNC) (pp. 449-455). IEEE.
  8. Routavaara, I. (2020). Security monitoring in AWS public cloud.
  9. Gómez Escobar, J. A. (2019). Design of a reference architecture for an IoT sensor network.
  10. Rocha, F. E. L. (2010). Privacy in cloud computing (Doctoral dissertation).
  11. Carnell, J., & Sánchez, I. H. (2021). Spring microservices in action. Simon and Schuster.
  12. Atwal, H., & Atwal, H. (2020). Dataops technology. Practical DataOps: Delivering Agile Data Science at Scale, 215-247.
  13. Zhang, Y., Li, M., Wilder, B., Yu, M., Bai, K., & Liu, P. (2011). NeuCloud: enabling privacy-preserving monitoring in cloud computing. View at.
  14. Medel Gracia, V., & ARRONATEGUI ARRIBALZAGA, U. N. A. I. (2018). Application Driven MOdels for Resource Management in Cloud Environments (Doctoral dissertation, Universidad de Zaragoza, Prensas de la Universidad).
  15. Bae, E. (2014). Nation-State Cyber Surveillance Options: The role of suppliers (Master's thesis).
  16. Boda, V. V. R., & Immaneni, J. (2021). Healthcare in the Fast Lane: How Kubernetes and Microservices Are Making It Happen. Innovative Computer Sciences Journal, 7(1).
  17. Immaneni, J. (2021). Using Swarm Intelligence and Graph Databases for Real-Time Fraud Detection. Journal of Computational Innovation, 1(1).
  18. Nookala, G., Gade, K. R., Dulam, N., & Thumburu, S. K. R. (2021). Unified Data Architectures: Blending Data Lake, Data Warehouse, and Data Mart Architectures. MZ Computing Journal, 2(2).
  19. Nookala, G. (2021). Automated Data Warehouse Optimization Using Machine Learning Algorithms. Journal of Computational Innovation, 1(1).
  20. Komandla, V. Strategic Feature Prioritization: Maximizing Value through User-Centric Roadmaps.
  21. Komandla, V. Enhancing Security and Fraud Prevention in Fintech: Comprehensive Strategies for Secure Online Account Opening.
  22. Thumburu, S. K. R. (2021). A Framework for EDI Data Governance in Supply Chain Organizations. Innovative Computer Sciences Journal, 7(1).
  23. Thumburu, S. K. R. (2021). EDI Migration and Legacy System Modernization: A Roadmap. Innovative Engineering Sciences Journal, 1(1).
  24. Gade, K. R. (2021). Cost Optimization Strategies for Cloud Migrations. MZ Computing Journal, 2(2).
  25. Gade, K. R. (2021). Cloud Migration: Challenges and Best Practices for Migrating Legacy Systems to the Cloud. Innovative Engineering Sciences Journal, 1(1).
  26. Katari, A. Conflict Resolution Strategies in Financial Data Replication Systems.
  27. Katari, A., & Rallabhandi, R. S. DELTA LAKE IN FINTECH: ENHANCING DATA LAKE RELIABILITY WITH ACID TRANSACTIONS.
  28. Boda, V. V. R., & Immaneni, J. (2019). Streamlining FinTech Operations: The Power of SysOps and Smart Automation. Innovative Computer Sciences Journal, 5(1).
  29. Nookala, G., Gade, K. R., Dulam, N., & Thumburu, S. K. R. (2020). Automating ETL Processes in Modern Cloud Data Warehouses Using AI. MZ Computing Journal, 1(2).
  30. Thumburu, S. K. R. (2020). Interfacing Legacy Systems with Modern EDI Solutions: Strategies and Techniques. MZ Computing Journal, 1(1).
  31. Muneer Ahmed Salamkar, et al. The Big Data Ecosystem: An Overview of Critical Technologies Like Hadoop, Spark, and Their Roles in Data Processing Landscapes. Journal of AI-Assisted Scientific Discovery, vol. 1, no. 2, Sept. 2021, pp. 355-77
  32. Muneer Ahmed Salamkar. Scalable Data Architectures: Key Principles for Building Systems That Efficiently Manage Growing Data Volumes and Complexity. Journal of AI-Assisted Scientific Discovery, vol. 1, no. 1, Jan. 2021, pp. 251-70
  33. Muneer Ahmed Salamkar, and Karthik Allam. “Data Lakes Vs. Data Warehouses: Comparative Analysis on When to Use Each, With Case Studies Illustrating Successful Implementations”. Distributed Learning and Broad Applications in Scientific Research, vol. 5, Sept. 2019
  34. Naresh Dulam, et al. “Data Mesh in Action: Case Studies from Leading Enterprises”. Journal of Artificial Intelligence Research and Applications, vol. 1, no. 2, Dec. 2021, pp. 488-09
  35. Naresh Dulam, et al. “Real-Time Analytics on Snowflake: Unleashing the Power of Data Streams”. Journal of Bioinformatics and Artificial Intelligence, vol. 1, no. 2, July 2021, pp. 91-114
  36. Naresh Dulam, and Karthik Allam. “Snowflake Innovations: Expanding Beyond Data Warehousing ”. Distributed Learning and Broad Applications in Scientific Research, vol. 5, Apr. 2019
  37. Sarbaree Mishra. “Improving the Data Warehousing Toolkit through Low-Code No-Code”. Journal of Bioinformatics and Artificial Intelligence, vol. 1, no. 2, Oct. 2021, pp. 115-137
  38. Sarbaree Mishra, and Jeevan Manda. “Incorporating Real-Time Data Pipelines Using Snowflake and Dbt”. Journal of AI-Assisted Scientific Discovery, vol. 1, no. 1, Mar. 2021, pp. 205-2
  39. Sarbaree Mishra, et al. Training Models for the Enterprise - A Privacy Preserving Approach. Distributed Learning and Broad Applications in Scientific Research, vol. 5, Mar. 2019
  40. Babulal Shaik. Network Isolation Techniques in Multi-Tenant EKS Clusters. Distributed Learning and Broad Applications in Scientific Research, vol. 6, July 2020
  41. Babulal Shaik. Automating Compliance in Amazon EKS Clusters With Custom Policies . Journal of Artificial Intelligence Research and Applications, vol. 1, no. 1, Jan. 2021, pp. 587-610

Similar Articles

You may also start an advanced similarity search for this article.