Community Edition and GDPR

[David-BE]

The Community Edition doesn't seem to satisfy the GDPR Encryption at Rest requirement for privacy protection and leaves startups in a difficult situation.

The jump to Enterprise is a leap in complexity and a huge annual expense. Even with the 50% server discount available to startups from ArangoDB, the 'pay what you use' NoSQL offerings from the major cloud vendors are vastly more cost effective when bootstrapping. Perhaps GDPR is a great leverage point if you are trying to sell Enterprise licenses but it is important not to burden startups with brutal pricing tiers. ArangoDB is the solution we wish to support but the company isn't making it easy.

For those of us in startups that will be pre-revenue for an extended time - it is obvious that there is a missing license tier for ArangoDB that should provide access to built-in Encryption at Rest in single server mode. Enterprise Trial is too restrictive to be useful beyond internal testing.

We've been attempting to engage ArangoDB sales reps and executives in a dialog to address our concerns in this area and are still hopeful that will happen.

In the mean time I'd like to discover what methods have been successfully deployed to achieve Encryption at Rest in Community. Ideally we'd simply toggle encryption for specific Collections. Using disk encryption on our AWS persistent storage volume might be a solution but we have many collections that are read-only reference material that don't need this treatment. Thoughts on any of the above?

David

[jan.stuecke]

Hi David,

Jan from ArangoDB here.

Can fully understand that this GDPR thingy is non-trivial and maybe going "enterprise" to get all solutions out-of-the-box is not possible for you while bootstrapping despite our pretty fair pricing for the startup program (incl. consulting, workshop, 3-6months of dev support) or startup licenses for EE. 

My team here is also responsible to ensure GDPR-Compliance for ArangoDB and it is difficult to understand the hundreds of pages of the regulation. But as we take the privacy of personal data seriously, we think that GDPR-Compliance is a time-consuming task but nonetheless, the right path to go. Think the best strategy is to focus on the most important things and encryption is not necessarily one of them.

First of all, encryption is only mentioned 4 times in the 260 pages of the GDPR regulation and flagged as "nice to-have" NOT as mandatory https://www.krypsys.com/gdpr/encryption-mandatory-gdpr-compliance/. Second, it is also not specified what kind of "encryption" is referred to. If "encryption on transit" is needed, ArangoDB supports this via TLS for single instance, intra-cluster communication and intra-cluster role communication (e.g. Coordinator and DBserver reside on separate machines) already in the Community Edition.

If you want to ensure the permanent encryption of your data (at rest and backups), you have always the possibility to integrate other e.g. open source software to meet your security goals like LUKS or cryptographic service of your preferred cloud provider like  AWS KMS or Azure Key Vault. 

From my perspective, access control is important. Usage of Foxx services can ensure that sensible data never has to leave the database. Fine-grained access control is an important part of GDPR and with Foxx you can build a fine-grained access control down to the field level. You can find a tutorial here: https://www.arangodb.com/foxx-fine-grained-permissions/ A basic user management with access restrictions is available out-of-the-box in ArangoDB Community Edition as well. 

I found this article to be very helpful "GDPR - A practical guide for Developers": https://techblog.bozho.net/gdpr-practical-guide-developers/ as it described what is needed to be on the safe-side of things concerning GDPR. Maybe also helpful for you.

On a personal note, I feel it is a bit unfair to portray an open-source project as greedy or unfair to startups just because some features you would like to have out-of-the-box are bound to an enterprise edition. We would love to share all our work under Apache 2 and we did this for the better part of the project's existence. But, unfortunately, we had to learn that this is not a sustainable approach if the company leading the dev efforts wants to survive. If the company behind the enterprise edition goes broke, most likely the open-source edition will also vanish or at least stop being maintained/developed. So we have to find a balance between our fundamental beliefs and reality. Hope for your understanding here.

Hope I could help a bit and let me know if you have any further questions.

Best regards,

Jan

[Victor Paraschiv]

AWS volumes you mount in ECS are encrypted by default or you opt in for encryption at volume creation time. This is done by AWS for you with KMS keys . This includes EBS, EFS, FSx and ECS Ephemeral Storage (Fargate).
You can even plug in your KMS keys or customer's KMS keys if you have been given access to them. It should work.
V

[Simran Spiller]

Encryption at Rest and all other Enterprise Edition features are available in the Community Edition from v3.12.5 onward.