Securing Data in MongoDB with Gazzang and Chef

For the first time this year, 10gen will be offering a track completely dedicated to Operations at MongoSV, 10gen's annual MongoDB user conference on December 4. Learn more at MongoSV.com

  • You can also use MongoDirector.com to set up a secure deployment of MongoDB
    1. SSL - http://blog.mongodirector.com/secure-your-mongo-clusters-with-ssl/
    2. Encrypt data at rest - http://blog.mongodirector.com/encrypt-mongodb-data-at-rest/
Securing Data in MongoDB with Gazzang and Chef

  1. Securing Data in MongoDB with Gazzang and Chef
     Robert Linden, Sr. Solutions Architect at Gazzang
     November 7, 2012
  2. What’s in your Cloud? What data are you storing?
     11/7/2012 Gazzang - All rights reserved 2012
  3. What’s in your Cloud? How are you protecting that data?
  4. What’s in your Cloud? How are you managing the keys?
  5. Student Record Breaches
     • Since 2010, more than three million student records have been compromised due to hack attacks or lost, stolen or missing files.
     • This year alone…
       • 23,000 SSNs breached at the University of North Florida
       • 16,000 SSNs, birth dates and student IDs breached from Eugene, Oregon school district
       • 650,000 records breached from University of Nebraska
       • 350,000 records from UNC Charlotte
       • and more…
  6. Breaches Hit Every Industry
  7. Data Security For MongoDB
     Gazzang, 10gen and Opscode Partner to Deliver Automated Enterprise-Class Data Security for MongoDB
     • Pre-built integration requires no changes to your application or database
     • Leverages automation tools for distributed deployment
     • World-class support available through Gazzang, 10gen and Opscode
  8. MongoDB Native Security
     [Diagram: admin users and regular users (user1, user2, user3) with user authentication; SSL encryption for client connection; SSL encryption for inter-server traffic; a client, a primary and a secondary, each node with its data files]
  9. Education Use Case on MongoDB
     [Diagram: Node 1 and Node 2, each with data files, holding two sample records]
     • Teacher: First Name Bob, Last Name Jones, Email bob@xx.edu, Phone 555-5555
     • Student: First Name Alice, Last Name Smith, Email alice@yy.edu, SSN XXX-XX-XXXX, Grade 5th, Address 804 Congress, City Austin, State TX
  10. Cloud Security Challenges
      • Protect Sensitive Data in the Cloud
        – Ensure sensitive data and encryption keys are never stored in plain text nor exposed publicly
        – Maintain control of your encryption keys and your proprietary data
      • Ensure Big Data Security
        – Harden Big Data infrastructures that have relatively weak security and no encryption protection
        – Maintain Big Data performance and availability
      • Enable Compliance
        – Encrypt data at rest and enforce tight access control policies
        – Protect your regulated data in the event of a breach
  11. Gazzang zNcrypt™
      zNcrypt sits between the file system and ANY database, application or service running on Linux to encrypt data before it writes to the disk.
      • AES 256 encryption
      • Process-based ACLs
      • Maximum performance
      • Transparent data encryption
      • Enterprise scalability
      • Packaged support for MongoDB
  12. zNcrypt Architecture
      • Key Management
        – Off-site key storage
        – In the cloud / on premises
        – Hardened & highly available
      • Access Control
        – Process-based ACL rules
        – Transparent data encryption
        – Separate from users & groups
      • Encryption
        – Data at rest / AES-256
        – File level encryption
        – Excellent performance
  13. ACL Rules and Encryption
      • MongoDB ACL Rule
        “ALLOW @mongodata * /home/mymongo/mongodb-linux/bin/mongod”
        This says that mongod is a trusted application, using the category @mongodata, and has access to the KSS where the Master Encryption Key is stored.
      • MongoDB data node directory encryption
        “ezncrypt --encrypt @mongodata /var/lib/mongodb/data/db/”
        This says that the /data/db directory is encrypted, along with any new file or data saved to it. Only the MongoDB process will be able to “see” the data by linking encryption to the ACL with @mongodata.
  14. Key Management
      • zNcrypt KSS (Key Storage System)
        – Hardened SaaS offering (or within enterprise / private cloud)
        – Secure access from zNcrypt client, multiple layers of security
        – SaaS KSS configured with high availability / failover
  15. Ease of Deployment
      • Install zNcrypt
        – Package managers (yum, apt-get), Chef, Puppet, JuJu, etc
      • Create master encryption key
        – Passphrase method (optional “split security”)
        – RSA Key file method
      • Create ACLs
        – Simple command-lines (ALLOW/DENY style)
        – Almost any process or script allowed:
          • Virtually any application, process or script: MongoDB, MySQL, Apache, Tomcat, backup software, document management, etc
      • Encrypt data
        – Simple command line calls, down to the file level
  16. Chef – Opscode Community
  17. Chef - GitHub
  18. Live Demonstration
      Chef Using zNcrypt Cookbook
      November 7, 2012
  19. Install MongoDB and zNcrypt with #chef-client
  20. Install MongoDB and zNcrypt with #chef-client
  21. Install MongoDB and zNcrypt with #chef-client
  22. Gazzang Overview
      Gazzang provides big data security and diagnostics solutions that help enterprises protect sensitive information and maintain performance in cloud environments
      – Based in Austin, Texas
      – Funded by Austin Ventures and Silver Creek Ventures
      – 225+ customers
      – SaaS, Healthcare, Financial Services, Government, Technology
  23. Thank You
      Q&A
  24. Protect Your MongoDB Data
      For more information contact us: info@gazzang.com
      Robert Linden, robert.linden@gazzang.com
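
The ACL rule on slide 13 names an executable path as the trusted application, so the permissions on that file and on its parent directories matter as much as the rule itself. The following is an added example, not Gazzang's code and not part of the original slides: it parses a rule of the four-field form shown on the slide and audits ownership and write permissions along the path. The function names, the `trusted_uids` and `stop_at` parameters, and the premise that the path in the rule is what marks the process as trusted are assumptions.

```python
import os
import stat

# Rule text as shown on slide 13 (line-wrap hyphen rejoined).
SLIDE_RULE = "ALLOW @mongodata * /home/mymongo/mongodb-linux/bin/mongod"

def parse_rule(text):
    """Split a four-field rule of the form shown on the slide into a dict."""
    fields = text.strip().strip('"“”').split()
    if len(fields) != 4:
        raise ValueError(f"expected 4 fields, got {len(fields)}: {text!r}")
    action, category, path, process = fields
    if action not in ("ALLOW", "DENY"):
        raise ValueError(f"unknown action {action!r}")
    if not category.startswith("@"):
        raise ValueError(f"category must start with '@': {category!r}")
    if not os.path.isabs(process):
        raise ValueError(f"process must be an absolute path: {process!r}")
    return {"action": action, "category": category, "path": path, "process": process}

def audit_trusted_binary(rule, trusted_uids=(0,), stop_at="/"):
    """List conditions that let an untrusted account replace the ALLOWed binary.

    Assumption: the executable path in the rule is what marks the process as
    trusted, so the file and every parent directory up to stop_at are checked.
    """
    if rule["action"] != "ALLOW":
        return []
    target = os.path.realpath(rule["process"])
    if not os.path.isfile(target):
        return [f"{target}: not a regular file"]
    findings = []
    if target != rule["process"]:
        findings.append(f"{rule['process']}: resolves via symlink to {target}")
    current = target
    while True:
        st = os.stat(current)
        if st.st_uid not in trusted_uids:
            findings.append(f"{current}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{current}: group- or world-writable")
        if current == stop_at or current == os.path.dirname(current):
            return findings
        current = os.path.dirname(current)

if __name__ == "__main__":
    for finding in audit_trusted_binary(parse_rule(SLIDE_RULE)):
        print(finding)
```

An empty list means the binary and every directory above it are owned by a trusted UID and are not group- or world-writable; a binary under a user's home directory, as in the slide's path, will typically report owner findings unless that account is listed in `trusted_uids`.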