New Feature: In-transit encryption for boot and block volumes
Services: Block Volume
Release Month: Jan 2019
Data is often considered less secure while it is in motion. It may be moving between two servers, two data centers, two services, between cloud and on-premises, or between two cloud providers. Wherever data moves, protection methods should be implemented for critical data in transit. While organizations tend to care more about data at rest, protecting sensitive data in transit should also be given high importance, as attackers find new methods to steal data.
Encryption is the best way to protect data in transit. This is done by encrypting the data before sending it, authenticating the endpoints, and decrypting the data once it is received.
The OCI Block Volume service encrypts all block volumes at rest, and their backups as well, using the Advanced Encryption Standard (AES) algorithm with 256-bit encryption. Data moving between the instance and the block volume is transferred over an internal and highly secure network. With this feature announcement, this transfer can also be encrypted for paravirtualized volume attachments on virtual machines.
Optionally, you can use encryption keys managed by the Key Management service for volume encryption. If the service is not used, the Oracle-provided encryption key is used; this applies to both data at rest and data in transit.
When you specify a key for the block volume at creation time, the same key is used for in-transit encryption as well.
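To check which attachments actually benefit from this feature, the following added example (not Oracle's code) classifies volume attachments by in-transit encryption state and key source. It assumes JSON shaped like the output of the OCI CLI commands `oci compute volume-attachment list` and `oci bv volume list`; the sample records and OCIDs are constructed placeholders.

```python
import json

# Constructed sample data shaped like the "data" arrays printed by
# `oci compute volume-attachment list` and `oci bv volume list`.
# Field names are assumed from the OCI CLI; OCIDs are placeholders.
ATTACHMENTS = json.loads("""[
  {"volume-id": "ocid1.volume.example.a", "attachment-type": "paravirtualized",
   "lifecycle-state": "ATTACHED", "is-pv-encryption-in-transit-enabled": true},
  {"volume-id": "ocid1.volume.example.b", "attachment-type": "paravirtualized",
   "lifecycle-state": "ATTACHED", "is-pv-encryption-in-transit-enabled": false},
  {"volume-id": "ocid1.volume.example.c", "attachment-type": "iscsi",
   "lifecycle-state": "ATTACHED", "is-pv-encryption-in-transit-enabled": null},
  {"volume-id": "ocid1.volume.example.d", "attachment-type": "paravirtualized",
   "lifecycle-state": "DETACHED", "is-pv-encryption-in-transit-enabled": false}
]""")
VOLUMES = json.loads("""[
  {"id": "ocid1.volume.example.a", "kms-key-id": "ocid1.key.example.k1"},
  {"id": "ocid1.volume.example.b", "kms-key-id": null},
  {"id": "ocid1.volume.example.c", "kms-key-id": null}
]""")


def audit_in_transit(attachments, volumes):
    """Classify each live attachment by in-transit encryption state and key source."""
    key_by_volume = {v["id"]: v.get("kms-key-id") for v in volumes}
    findings = []
    for att in attachments:
        if att.get("lifecycle-state") != "ATTACHED":
            continue  # detached volumes carry no instance-to-volume traffic
        if att.get("attachment-type") != "paravirtualized":
            status = "not-applicable"  # this announcement covers paravirtualized only
        elif att.get("is-pv-encryption-in-transit-enabled") is True:
            status = "encrypted"
        else:
            status = "unencrypted"  # a missing or false flag is treated as not enabled
        kms_key = key_by_volume.get(att["volume-id"])
        findings.append({
            "volume": att["volume-id"],
            "in_transit": status,
            "key_source": "key-management-service" if kms_key else "oracle-provided",
        })
    return findings


if __name__ == "__main__":
    for f in audit_in_transit(ATTACHMENTS, VOLUMES):
        print(f"{f['volume']}: in-transit={f['in_transit']}, key={f['key_source']}")
```

Attachments reported as "unencrypted" are the ones to review, since they are paravirtualized and could use the feature but do not have it enabled.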