Scylla Security Features

This lesson covers security features and the way that Scylla handles security. Some of the topics covered in this lesson are:

  • Why is it important to secure your data? Business value is increasingly tied to data. This part introduces security properties such as Identity, Authentication, Confidentiality, Availability, Integrity, and Non-repudiation.
  • How to manage identities with users? Identity, Authentication, Users and passwords, and Availability
  • What is Authentication, and how does it limit access to the cluster to identified clients? Authentication is the process where login accounts and their passwords are verified, and the user is allowed access into the database.
    Users and passwords are created with roles using a GRANT statement. This procedure enables Authentication on the Scylla servers. However, once it is complete, all clients (applications using Scylla/Apache Cassandra drivers) will stop working until they are updated to work with Authentication as well.
  • The concepts of roles and permissions, Confidentiality, Non-repudiation
  • What is Authorization? How are users granted permissions which entitle them to access or change data on specific keyspaces, tables, or an entire datacenter? Role-Based Access Control is a method of reducing lists of authorized users to a few roles assigned to multiple users. The lesson also includes an example.
  • Encryption in Transit, which covers Client to Node and Node to Node, and an overview of Encryption at Rest, which includes data stored in Tables, System, and Providers.
  • Encryption at Rest, or how to encrypt user data as it is stored on disk. This is invisible to the client and available on Scylla Enterprise. It uses disk block encryption and has a minimal impact on performance.
  • Auditing, which lets us know who did, looked at, or changed what and when, by logging the activities a user performs on the Scylla cluster.
  • The importance of ensuring that Scylla runs in a trusted network environment: limiting access to IP / Port by role, using the minimal privilege principle, avoiding Public IPs if possible, and using a VPC if possible. Security is an ongoing process. Make sure that you routinely upgrade to the latest Scylla and OS versions, routinely check for network exposure, routinely replace keys and passwords, use 2FA (Scylla Cloud), use the minimal privilege principle, and apply the available security features.
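
The role-based model from the Authorization item above, shown as an added CQL example that is not part of the original lesson. The keyspace, table, role and user names and the passwords are constructed placeholders, and the example assumes authentication and authorization are already enabled on the cluster.

```cql
-- Constructed example: every name and password below is a placeholder.

-- 1. Roles that carry permissions but cannot log in themselves.
CREATE ROLE analyst;
CREATE ROLE order_writer;

-- 2. Attach permissions to the roles, not to individual users.
--    Read-only access to a whole keyspace:
GRANT SELECT ON KEYSPACE shop TO analyst;
--    Read and write access to a single table only:
GRANT SELECT ON TABLE shop.orders TO order_writer;
GRANT MODIFY ON TABLE shop.orders TO order_writer;

-- 3. Login accounts (users) with their own passwords.
CREATE ROLE alice      WITH PASSWORD = 'CHANGE_ME_1' AND LOGIN = true;
CREATE ROLE bob        WITH PASSWORD = 'CHANGE_ME_2' AND LOGIN = true;
CREATE ROLE orders_app WITH PASSWORD = 'CHANGE_ME_3' AND LOGIN = true;

-- 4. Assign the few roles to the many users.
GRANT analyst      TO alice;
GRANT analyst      TO bob;
GRANT order_writer TO orders_app;

-- 5. Review what a user can actually do (useful during access reviews).
LIST ROLES OF alice;
LIST ALL PERMISSIONS OF orders_app;

-- 6. Removing access is one statement per user, with no per-table cleanup.
REVOKE analyst FROM bob;
```

Because permissions live on `analyst` and `order_writer`, tightening or widening access later means changing one role rather than every account that holds it.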

By the end of this lesson, you’ll understand why security is important in Scylla, what the different security features are, and how they work.

You can read more about security in the documentation.
