
Securing Your Couchbase Server Deployment Using Vormetric: Couchbase Connect 2015



With the increased adoption of NoSQL, companies are increasingly populating Couchbase Server with sensitive information, such as personally identifiable information (PII), personal health information (PHI), or sensitive customer and internal information. This information must adhere to regulatory requirements such as PCI and HIPAA, to state and local privacy laws, and to customer and partner service level agreements, and controls must be in place to prevent insider abuse of the sensitive information. In this session, learn how Vormetric and Couchbase have partnered to address the data security needs for protecting sensitive information stored in Couchbase Server.

Published in: Technology

  1. Data Security for Couchbase. Don Pinto, Arun Gowda
  2. Agenda: NoSQL/Couchbase Overview; Encryption/Data Security Drivers; Vormetric Overview; Protecting Sensitive Data in Couchbase; Sample Security Policy for Couchbase; Summary
  3. Why NoSQL security? Because your information is valuable. Big data means not only Volume, Velocity and Variety, but also Value. NoSQL is a popular solution for big data apps. Structured information is only 10% of the story: 90% of big data is unstructured and is made up of information like emails, videos, tweets, Facebook posts, web clicks, and so on.
  4. Common security questions: Which ports are open through the firewall? What if an operator steals a disk? Is sensitive data encrypted? Is there admin access and data access separation? Is your data encrypted in the cloud? Are backups encrypted? Is XDCR secure? What vulnerabilities? Diagram labels: Prod; Dev, QA, Test; Storage; Backup Server; XDCR to remote cluster; Sensitive; hAck3rs. ©2014 Couchbase, Inc.
  5. Sensitive Data is Dispersing and Growing: becoming harder to secure. Diagram labels: Enterprise Data Centers; Private, Public, Hybrid Clouds; Big Data; Remote Servers; Physical, Virtual, Outsourced; Sources, Nodes, Analytics. 2013: 1 Zettabyte of sensitive data not protected. 2020: 10 Zettabytes of exposed sensitive data. - IDC 2014
  6. Top Concerns for Cloud and Big Data: security and compliance. “By 2018, 25% of corporate data traffic will bypass traditional perimeter security defenses – up from 4% today.” - Gartner, Nov 2013. Chart: Top Security Concerns With Cloud Computing, March 2014; values as listed: 41%, 35%, 32%, 26%, 18%, 15%, 11%, 10%, 4%; categories as listed: Data Privacy and Security, Access and Control, Auditing and Compliance, Control of Data, Security Models/Toolsets, Contractual/Legal Issues, Internal Issues, Network Connection Security, Geographical Coverage. “The biggest growth inhibitors for Big Data market are security and privacy concerns.” - Wikibon, Jan 2014, Big Data Market Forecast
  7. Traditional IT Security Challenges Never Subside
  8. Vormetric Data Security Platform: Centralized Encryption, Tokenization, Key Management; Best Encryption Security & Compliance
  9. Protecting Sensitive Data in Couchbase: (a) Sensitive data (e.g. PII/PHI) resides in many locations inside the enterprise (and in the cloud) in structured and unstructured formats. (b) Sensitive data is required by state and national regulations to be encrypted at rest. (c) Sensitive data should also be monitored and protected from insider threats, malware, and APTs, which can lead to data breaches.
  10. Vormetric Transparent Encryption: File Level Encryption. Diagram labels: User, Application, Database, File Systems, Volume Managers, Storage; Server; Vormetric Data Security Manager (DSM), virtual or physical appliance; External key management; Allow/Block, Encrypt/Decrypt; Privileged Users (Cloud Admin, Storage Admin, etc.): Encrypted & Controlled; Approved Processes and Users: Clear Text (“John Smith 401 Main Street”); protected data: SS Tables / Data, Saved Caches, Commit Logs / Error logs, etc., Configuration files; Audit Logs; Reporting & Analytics.
  11. Vormetric Application Encryption: Field Level Encryption. Diagram labels: User, Application, Database, File Systems, Volume Managers, Storage; Big Data, Databases or Files; Vormetric Data Security Manager, Virtual or Physical Appliance; External key management; Allow/Block, Encrypt/Decrypt; Approved Applications; Privileged Users; Cloud Provider / Outsource Administrators; Encrypted & Controlled; Clear Text (“John Smith 401 Main Street”); sample record “Name: Jon Dough SS: if030jcl PO: Jan395-2014”; Audit Logs; Reporting & Analytics.
  12. Couchbase encryption – client: encryption at the application. Leverage Vormetric encryption and key management APIs, libraries, and sample code in Java, .NET, C/C++. Diagram labels: Application; VAE (Vormetric Application Encryption); Vormetric API; Encryption Key Request / Response*; DSM; Couchbase; Client-server SSL via Couchbase SDKs.
  13. Setting up Couchbase Enterprise Access Control and Security Policies
  14. Creating 2 User Set Lists – Couchbase Approved User and Privileged User (root)
  15. User Policies
  16. Protecting Directories That Potentially Contain Sensitive Data
  17. Intended User Can See File Metadata and Read couchdb.log Data Content. Vormetric Security Intelligence Event Log:
  18. Privileged User Can See File Metadata, and couchdb.log Log Data is Encrypted. Vormetric Security Intelligence Event Log:
  19. Any Other User Is Denied Any Access. Vormetric Security Intelligence Event Log:
  20. Summary: (a) Couchbase provides a powerful NoSQL platform. (b) Data security including encryption should be addressed proactively. (c) Vormetric & Couchbase have partnered to enable customers to build high-performance, highly-secure applications. (d) Visit for more information
  21. Protect What Matters, Where it Matters | @NoSQLDon | @vormetric
  22. Don’t forget to fill out the Connect Session Survey on the Connect App. Get Started with Couchbase Server 4.0: Test drive vormetric @ Get trained on Couchbase: