
Hashing is never a great option for PII data (even less so for PCI data).

For instance, suppose someone has applied a cryptographic hash to first names.

All an attacker needs to do is find a list of common names, hash them all, and see which hash values match.
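The lookup described above, written as an audit you can run against your own hashed column to measure how much of it is recoverable. This is an added example, not code from the original post; the sample names, the column contents and the function names are constructed for illustration.

```python
import hashlib

# Constructed sample: a column "pseudonymised" with an unsalted SHA-256 of the
# first name, which is the scheme the post warns against.
def pseudonymise(name: str) -> str:
    return hashlib.sha256(name.encode("utf-8")).hexdigest()

STORED_COLUMN = [pseudonymise(n) for n in ["Maria", "james", "Wei", "Oluwaseun"]]

# Constructed candidate list; an audit would load a public list of given names.
COMMON_NAMES = ["james", "maria", "wei", "fatima", "john"]

# Unsalted algorithms to test, since the one in use is not always documented.
ALGORITHMS = ("sha1", "sha256", "sha512")


def variants(word: str):
    """Spellings a data-entry form typically produces for one name."""
    return {word, word.lower(), word.upper(), word.capitalize()}


def audit_hashed_column(digests, candidates, algorithms=ALGORITHMS):
    """Return {digest: (algorithm, plaintext)} for every stored digest that a
    plain unsalted hash of some candidate reproduces."""
    lookup = {}
    for algo in algorithms:
        for word in candidates:
            for v in variants(word):
                digest = hashlib.new(algo, v.encode("utf-8")).hexdigest()
                lookup[digest] = (algo, v)
    return {d: lookup[d] for d in digests if d in lookup}


def exposure_ratio(digests, candidates):
    """Fraction of the column recoverable from the candidate list alone."""
    if not digests:
        return 0.0
    return len(audit_hashed_column(digests, candidates)) / len(digests)


if __name__ == "__main__":
    found = audit_hashed_column(STORED_COLUMN, COMMON_NAMES)
    for digest, (algo, name) in found.items():
        print(f"{digest[:12]}... -> {name!r} ({algo})")
    print(f"recoverable: {exposure_ratio(STORED_COLUMN, COMMON_NAMES):.0%}")
```

A high ratio means the column should be treated as plaintext for classification and access-control purposes.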

What’s the solution?

Use data encryption instead of hashing. If you are using a cloud provider for your data storage, you most likely already have default at-rest encryption. See this post for Redshift-specific data encryption.

Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.
