TinkerPop and encryption


bz57

Jul 6, 2018, 11:37:07 PM
to Gremlin-users
I am developing a healthcare app that will require HIPAA and GDPR compliance. It'll be great if TinkerPop can provide encryption of data at rest. Is this possible and if so any ideas on performance or benchmarks it has achieved under such circumstances? 

Generally, are there any opinions on these compliances with the TinkerPop. I am evaluating JanusGraph and Neptune for Google and AWS deployments respectively. Any pointers / tips will be appreciated! Thanks.

Misha Brukman

Jul 7, 2018, 5:04:40 AM
to gremli...@googlegroups.com
Disclosure: I work on Google Cloud Bigtable and JanusGraph.
Disclaimer: I am not a lawyer, and the following is not legal or compliance advice.

JanusGraph itself is a stateless service, hence, it is not subject to "encryption at rest" as it stores no data itself: it only caches data, but the data is actually stored in a backend storage system of your choice (e.g., Bigtable, HBase, Cassandra, etc.). So the question about encryption at rest, HIPAA compliance, etc. comes down to the actual storage system itself, not JanusGraph. However, the system that JanusGraph runs on (e.g., VMs or container service) may be subject to HIPAA compliance.

If you choose to run JanusGraph with Bigtable or a different storage backend on Google Cloud, then the answers are simple:
  • encryption at rest: all Google Cloud services encrypt data at rest by default and this cannot be disabled
  • HIPAA: GCE, GKE, Bigtable (and most other services) are HIPAA compliant; you may choose to use GCE or GKE together with Bigtable (or another storage solution, running on GCE or GKE) — all of these options would be HIPAA compliant
If you have further questions specifically about JanusGraph, please send them to janusgraph-users (at) googlegroups.com; if you have further questions about Google Cloud, that's probably off-topic for either this list or JanusGraph list — feel free to reach out to me directly.

Hope this helps,
Misha

Stephen Mallette

Jul 7, 2018, 7:32:45 AM
to Gremlin-users
Misha had the right answer basically, but I'll go a step further. TinkerPop is not a "database". It is more of a framework and as a framework it has no knowledge of how data is stored (unless you are using TinkerGraph, I suppose - hehe). I think you want to look at the different graph databases that implement TinkerPop interfaces to best see which will satisfy your requirements.

bz57

Jul 8, 2018, 2:13:05 AM
to Gremlin-users
Thank you for your responses. I should've known that security is done at the datastore level. Appreciate your quick responses!

be...@amazon.com

Jul 9, 2018, 1:34:18 PM
to Gremlin-users
Regarding Amazon Neptune, it does support encryption-at-rest with Amazon Key Management Service (KMS) keys. It is not yet an AWS HIPAA-eligible service, though we are working towards it.

bz57

Jul 10, 2018, 4:05:22 PM
to Gremlin-users
Thank you for the response. 
