RedisOplog - 'externalize' oplog out of SOX, PCI, GDPR compliant environment

Hi,

Mongo Atlas supports the most important data security regulations: HIPAA, SOX, PCI

Let’s say, if I promoted my product as a business product and was asked to present specs of the DB security, I would refer to the link above indeed. This is bearing in mind that the Oplog is being taken care of by Atlas.

What would you think about having the RedisOplog … oplog, with a non-compliant host, or a host with no specified security levels, or a host which is not particularly HIPAA, SOX or PCI compliant?

Do you feel we could/should add some specifications to the package about this particular thing? Perhaps some help for developers in terms of awareness and how to achieve (and make sure of) compliance.

I added RedisOplog last night to one of my projects and, being new to Redis, I found it really challenging to understand all the bits and pieces in terms of achieving data privacy compliance (I did it on AWS EC2).

Tx,
Paul

2 Likes

Unfortunately I had to revert to Oplog due to compliance. My data transaction model is built 95% around non-reactive lazy loads triggered from the UX, and for the social module where I use reactivity I’ll stick with Oplog until … this becomes a problem. I mainly use Meteor not for reactivity but because I am a small team and I can run JS everywhere … except Photoshop … though I’m still waiting for a JS version of it …

I tried to set up an EC2 machine for Redis but it is next to impossible to get TLS into it unless you hire a full NASA tech department. All users publish “myself” to themselves for profile data, tokens, counts etc. Unless Redis is fully encrypted at rest and in transit, even GDPR becomes a bit of an issue.

I am very interested to hear from anyone about tests with Redis-Oplog over TLS, with encrypted data, to see how the CPUs are doing vs costs.

My takeaway: unless really necessary, and taking into consideration the extra costs for a secured, clustered (probably a cluster of 3) Redis service, the package did not satisfy my model. I feel that I might use it in the future if:

  1. My infrastructure would be so large that I’d have to run my own clusters in AWS.
  2. Running my own clusters, I could run Node, DB and Redis in the same private network.
1 Like

Well… evolve or get extinct … now Redis with SSL.

Create a new account with AWS and avail of a 1 year free EC2 micro machine.
Add Ubuntu 16.04, ssh into the machine and install Nginx:

sudo apt-get update
sudo apt-get install nginx

Add SSL. The following process will configure Nginx automatically and provides an option to redirect HTTP to HTTPS:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot python-certbot-nginx

After installation:

sudo vim /etc/nginx/sites-available/ ... your configuration file.

Get the service on a URL: use Route 53 to configure your domain. Add an A record with the Elastic IP of your EC2 Nginx/Redis machine. The machine is then available at https://subdomain.domain.com
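The steps above get a Let's Encrypt certificate onto the box but stop at "your configuration file", and the certbot nginx plugin only touches the http {} side, so it does not by itself put TLS in front of Redis. The following is an added example, not part of the original post, showing what an Nginx stream block that terminates TLS for Redis looks like. It assumes the certificate certbot issued for subdomain.domain.com lives under /etc/letsencrypt/live/subdomain.domain.com/ (certbot's default layout), that Redis is bound to 127.0.0.1:6379 with requirepass set, that port 6380 is the chosen TLS listener, and that the installed nginx includes the stream module (on Ubuntu 16.04 that means nginx-full or a build with --with-stream; if nginx -t reports an unknown "stream" directive, the module is missing). The client-CA path is likewise an assumption.

```nginx
# Added example (not from the original post): TLS termination for Redis using
# the ngx_stream_ssl_module. Place this at the top level of /etc/nginx/nginx.conf,
# outside the http {} block; files under sites-available/ are included inside
# http {} and cannot contain a stream block.
stream {
    server {
        # Clients connect with TLS on 6380; nginx decrypts and forwards to Redis.
        listen 6380 ssl;

        # Certificate and key as issued by certbot for the Route 53 name above
        # (assumed default certbot paths).
        ssl_certificate     /etc/letsencrypt/live/subdomain.domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.com/privkey.pem;
        ssl_protocols       TLSv1.2;
        ssl_prefer_server_ciphers on;

        # Optional but recommended: require a client certificate so that only
        # your Meteor servers can open a connection at all (assumed CA path).
        # ssl_verify_client       on;
        # ssl_client_certificate  /etc/nginx/redis-clients-ca.pem;

        # Redis itself stays plaintext, reachable only on the loopback interface.
        proxy_pass 127.0.0.1:6379;
    }
}
```

Two checks are worth running after `sudo nginx -t && sudo systemctl reload nginx`: the EC2 security group should allow inbound 6380 only from the Meteor servers' addresses and must not expose 6379 at all, and `openssl s_client -connect subdomain.domain.com:6380` followed by a typed `PING` should return `-NOAUTH Authentication required.` from Redis, which confirms both that TLS terminates correctly and that requirepass is in force. This covers encryption in transit only; the at-rest side mentioned earlier in the thread is a separate concern handled at the volume level (for example an encrypted EBS volume for the Redis data directory).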