Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Apache Cassandra / NYC* 2013 / 8 Apr 2013
Apache Cassandra / NYC* 2013 / 8 Apr 2013
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: NYC* 2013 - "Security at Gazzang" (Lightning Talk)

Description

Speaker: Eddie Garcia, VP of Development at Gazzang
Topic: Security at Gazzang (DataStax Partner)

A

You're the data that's going to be in this application and that's what we help them do also if there is a breach, if you're using our solution, which is a data at rest, encryption solution, we're able to mitigate the loss. If there is a compromise, all the attackers got is a bunch of encrypted data and there's no way that they can get into it.

A

The key is stored in a separate system away from the data which makes it very secure, also some regulations, depending on which ones you may be bound to, depending on the type of data offer safe, harbor clauses.

A

So even if you do have a breach, if you had data at rest, encryption implemented properly with key management, you don't have to make an announcement that you had a breach, and some regulations require that unless you can demonstrate that we also store the master key for our encryption in our in a key manager solution that we have- and this is also opened up for our customers- to store other objects and other key certificates tokens all of these types of things.

A

So we're able to help, eliminate and manage key and object sprawl, which is another big problem we're hearing about from our customers. We get whether it's encrypting laptop information and certificates or ssl certs for your web servers as well as encryption keys and everything we do. We try to follow best practices and we have multi-factor authentication built into our key manager solution.

A

The crux of this is a trustee is able to be assigned, as the final say, a human being, who gives the ultimate decision of whether an object that is being requested from our key manager can be released or not. We use that for our encryption, it's an optional configuration you can put on there.

A

If you need the tightest security there, we're able to have that trustee receive notification, that a key is being requested and they can then authorize or deny the release of that object, which makes this for a very powerful security or also have a monitoring solution, allows us to monitor and track and identify what's happening in our security and system events that are going on there, specifically for Cassandra and datastax a couple.

A

A couple of customer use cases we have a handset manufacturer, uses our encryption to protect user credentials personally identifiable information and device usage patterns that they're tracking in their application, and they rely on our product to secure the data stacks implementation and protect this data arrest encryption.

A

Also, a hardware company is using datastax enterprise to store digital rights, information and again they're, depending on ghazan, to lock down and protect the drm information that the details that secure and maintain the protection over that intellectual property in that application, and we also have a large healthcare provider that is running analytics against HIPAA data.

A

They various treatments, ER visits, all kinds of data they're, bringing in and consolidating together, using cassandra and again they're leveraging our encryption and key management to be able to protect that and keep it inaccessible to unauthorized users and patients, and things like that. So there's a lot of different use cases in various verticals in the industry. For us to do this. So to sum up: yg Zhang! Well, first of all, right now we are the first and only security solution, partnered with datastax.

A

It's something we're really proud of, and even with the data stack security, the most recent release where they have their encryption in there datastax will even tell you to have a fully compliant and really secure solution with it. With this, you need to combine that with Kazan with our encryption and key management. Our engineering team, where they're all Linux specialists, have been an open source for a long time.

A

We maintain a couple guys on our team, maintain open source projects outside of their work at Kazan and are very active participants, contributors and users to the open source world you're able to encrypt at different levels. We can encrypt individual nodes and images, also file level, encryption or block level encryption depending on what the business require. It's are also we work well in very elastic environments. If you're, spinning up and bringing down servers there, the universal key and certificate management. This trusty aspect that I talked to you about on this key manager solution.

A

It's we've got patent pending for that trustee process, and all of that is in the works. Now, we're really really proud were the only people doing that right now that we know of we were built from the ground up for the cloud, so it's very easy in an Amazon environment or Rackspace or wherever you may be putting your in your infrastructure, we can spin up down. We really don't care what that underlying infrastructure is, and it's it's all a software based solution, so even for the key manager very easy to deploy.

A

We host a version of our key manager for our customers, and actually the majority of them use that, but we also can put that on premises so come come, learn about design, contact us and we'll be glad to talk to you more about that.

A

You.