Encyrption at rest use-case problem description is too narrow #32
Labels
documentation
Improvements or additions to documentation
Comments
k-wall
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The problem description is too narrow. It focuses on the cloud use-case and omits to mention that the same problem may exist within an organisation.
Tom said:
This is a specific example of a problem that can exist even without cloud in the picture. It's simply about the trust boundaries within an organisation. If compliance requirements dictate that the people (internal or external) who run the Kafka cluster (and therefore have broker access) should not be trusted to see the business data being stored there (e.g. by some other business function in the org) then essentially the same problem exists.
If we're aiming this at decision makers then let's not give them the excuse of misunderstanding and thinking "we run Kafka on-prem, so this doesn't apply to us". I.e. describe the general problem and use cloud only as ac concrete example of it.
Originally posted by @tombentley in #25 (comment)
The text was updated successfully, but these errors were encountered: