Currently, only Analytics and Fundraising data are segmented within the cluster. We should segment off other sensitive data sources so not everyone with cluster access has access, and to provide some resilience against specific attacks.
Data that should probably be segmented:
- Password hashes / authentication data
- CheckUser data
- Private wikis