Securing Data in MongoDB with Gazzang and Chef
Robert Linden, Sr. Solutions Architect at Gazzang
                                                    November 7, 2012
What’s in your Cloud?




                  What data are you storing?




11/7/2012   Gazzang - All rights reserved 2012
What’s in your Cloud?




                  How are you protecting that data?




What’s in your Cloud?




                  How are you managing the keys?




Student Record Breaches
   • Since 2010, more than three million student records have been
     compromised due to hack attacks or lost, stolen or missing files.

   • This year alone…

            •      23,000 SSNs breached at the University of North Florida
            •      16,000 SSNs, birth dates and student IDs breached from the
                   Eugene, Oregon school district
            •      650,000 records breached from the University of Nebraska
            •      350,000 records from UNC Charlotte
            •      and more…




Breaches Hit Every Industry




Data Security For MongoDB




Gazzang, 10gen and Opscode Partner to Deliver Automated Enterprise-Class Data Security for MongoDB


    • Pre-built integration requires no changes to your
      application or database
    • Leverages automation tools for distributed
      deployment
    • World-class support available through Gazzang, 10gen
      and Opscode



MongoDB Native Security

[Diagram: Client, Primary and Secondary, with Data Files on the Primary and on the Secondary. Labels: user authentication (Admin Users: user1; Regular Users: user2, user3); SSL encryption for client connection; SSL encryption for inter-server traffic.]

Education Use Case on MongoDB

[Diagram: Node 1 and Node 2, each with Data Files; sample records:]

   Teacher
      First Name   Bob
      Last Name    Jones
      Email        bob@xx.edu
      Phone        555-5555
      SSN          XXX-XX-XXXX

   Student
      First Name   Alice
      Last Name    Smith
      Email        alice@yy.edu
      Grade        5th
      Address      804 Congress
      City         Austin
      State        TX

Cloud Security Challenges
   • Protect Sensitive Data in the Cloud
            – Ensure sensitive data and encryption keys are never
              stored in plain text nor exposed publicly
            – Maintain control of your encryption keys and your
               proprietary data
   • Ensure Big Data Security
            – Harden Big Data infrastructures that have relatively
              weak security and no encryption protection
            – Maintain Big Data performance and availability
   • Enable Compliance
            – Encrypt data at rest and enforce tight access
              control policies
            – Protect your regulated data in the event of
              a breach

Gazzang zNcrypt™

    zNcrypt sits between the file system and ANY database,
    application or service running on Linux to encrypt data before
    it writes to the disk.

    •       AES 256 encryption
    •       Process-based ACLs
    •       Maximum performance
    •       Transparent data encryption
    •       Enterprise scalability
    •       Packaged support for
            MongoDB




zNcrypt Architecture
                                                 • Key Management
                                                    – Off-site key storage
                                                    – In the cloud / on premises
                                                    – Hardened & highly available

                                                 • Access Control
                                                    – Process-based ACL rules
                                                    – Transparent data encryption
                                                    – Separate from users & groups

                                                 • Encryption
                                                    – Data at rest / AES-256
                                                    – File level encryption
                                                    – Excellent performance

ACL Rules and Encryption
   • MongoDB ACL rule

        ALLOW @mongodata * /home/mymongo/mongodb-linux/bin/mongod

     This says that mongod is a trusted application, using the category
     @mongodata, and has access to the KSS where the Master Encryption Key
     is stored.

   • MongoDB data node directory encryption

        ezncrypt --encrypt @mongodata /var/lib/mongodb/data/db/

     This says that the /data/db directory is encrypted, along with any new
     file or data saved to it. Only the MongoDB process will be able to
     “see” the data, because the encryption is linked to the ACL through
     @mongodata.
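
The rule on this slide ties access to a process rather than to a user or group. The following is an added example, not Gazzang's code and not part of the original deck: a simplified Python model of ALLOW/DENY rules in the four-field form shown above. The matching semantics (glob on the path field, exact match on the executable path, DENY taking precedence, deny by default) and the DENY rule and /bin/cat request are assumptions made for illustration.

```python
"""Simplified model of process-based ACL rules (illustrative, not zNcrypt code)."""
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Executable path taken from the ACL rule on the slide.
MONGOD = "/home/mymongo/mongodb-linux/bin/mongod"


@dataclass(frozen=True)
class Rule:
    action: str    # "ALLOW" or "DENY"
    category: str  # e.g. "@mongodata"
    path: str      # glob inside the encrypted category; "*" means everything
    process: str   # absolute path of the executable the rule applies to


def parse_rule(line: str) -> Rule:
    """Parse 'ACTION @category path /abs/path/to/executable'."""
    parts = line.split()
    if len(parts) != 4:
        raise ValueError(f"expected 4 fields, got {len(parts)}: {line!r}")
    action, category, path, process = parts
    if action not in ("ALLOW", "DENY"):
        raise ValueError(f"unknown action {action!r}")
    if not category.startswith("@"):
        raise ValueError(f"category must start with '@': {category!r}")
    if not process.startswith("/"):
        raise ValueError(f"process must be an absolute path: {process!r}")
    return Rule(action, category, path, process)


def is_allowed(rules, category: str, rel_path: str, exe: str) -> bool:
    """Decide whether executable `exe` may read `rel_path` in `category`.

    Assumed semantics: a request is granted only if at least one ALLOW rule
    matches and no DENY rule matches. The calling user is never consulted,
    which is the point of a process-based ACL.
    """
    matches = [
        r for r in rules
        if r.category == category
        and r.process == exe
        and fnmatchcase(rel_path, r.path)
    ]
    if any(r.action == "DENY" for r in matches):
        return False
    return any(r.action == "ALLOW" for r in matches)


def demo():
    """Evaluate constructed sample requests against the slide's rule."""
    rules = [
        parse_rule(f"ALLOW @mongodata * {MONGOD}"),     # rule from the slide
        parse_rule(f"DENY @mongodata *.bak {MONGOD}"),  # constructed DENY rule
    ]
    requests = [
        ("@mongodata", "students.0", MONGOD),      # trusted process
        ("@mongodata", "students.0", "/bin/cat"),  # any other binary, even as root
        ("@mongodata", "dump.bak", MONGOD),        # hit by the constructed DENY
        ("@payroll", "students.0", MONGOD),        # category with no rule
    ]
    return [(req, is_allowed(rules, *req)) for req in requests]


if __name__ == "__main__":
    for (category, rel_path, exe), ok in demo():
        verdict = "ALLOW" if ok else "DENY"
        print(f"{verdict:5} {category} {rel_path} <- {exe}")
```
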



Key Management
• zNcrypt KSS (Key Storage System)
            – Hardened SaaS offering (or within enterprise / private cloud)
            – Secure access from zNcrypt client, multiple layers of security
            – SaaS KSS configured with high availability / failover




Ease of Deployment
   • Install zNcrypt
            – Package managers (yum, apt-get), Chef, Puppet, JuJu, etc
   • Create master encryption key
            – Passphrase method (optional “split security”)
            – RSA Key file method
   • Create ACLs
            – Simple command-lines (ALLOW/DENY style)
            – Almost any process or script allowed:
                     • Virtually any application, process or script:
                       MongoDB, MySQL, Apache, Tomcat, backup software, document
                       management, etc
   • Encrypt data
            – Simple command line calls, down to the file level
Chef – Opscode Community




Chef - GitHub




Live Demonstration
Chef Using zNcrypt Cookbook
                              November 7, 2012
Install MongoDB and zNcrypt with #chef-client




Gazzang Overview
    Gazzang provides big data security and diagnostics solutions
    that help enterprises protect sensitive information and maintain
    performance in cloud environments.
             – Based in Austin, Texas
             – Funded by Austin Ventures and Silver Creek Ventures
             – 225+ customers
             – SaaS, Healthcare, Financial Services, Government, Technology




Thank You




                                                 Q&A

Protect Your MongoDB Data

                                For more information
                            contact us: info@gazzang.com


                                                 Robert Linden
                                 robert.linden@gazzang.com



