DataStax Enterprise (DSE) Advanced Security plays a critical role in keeping our customers’ data safe. Enterprise companies have very strict security requirements, which is why DSE Advanced Security provides robust and easy-to-use security functionality, including:
- Unified Authentication and Role Management – Allows our customers to easily integrate their existing Kerberos, LDAP, and Active Directory users and schemes across the DataStax Enterprise product suite.
- Data Auditing – Gives administrators the ability to understand “who looked at what, when” and “who changed what, when”, which is crucial for meeting many security compliance standards.
- Row Level Access Control and Proxy Authentication – Restricts which rows a user has access to within a table while preserving client-side identities and privileges in middleware such as web servers.
Today, we’re excited to announce three new critical security enhancements available in DSE 6: Private Schemas, Auditing by Role, and Separation of Duties.
Private Schemas
We’re now giving administrators more control over schema visibility. Administrators can control whether or not a user can see certain schema definitions, which can be especially helpful in securing multi-tenant applications. Private Schemas supports the principle of least privileges, which is key for meeting many security compliance standards.
Auditing by Role
We’ve enhanced auditing with the ability to audit changes and user activity by role. Traditionally, auditing in DSE was controlled by which respective database object you wanted to keep track of. Having role-based auditing greatly reduces the audit trail, since most administrators want to keep track of human activity rather than machine-generated activity.
Auditing by role is as simple as either including or excluding roles from the dse.yaml.
Separation of Duties
There are many cases where administrators need full control of the database but should not have access or visibility to the data itself. For example, imagine a doctor or nurse who requires access to sensitive medical data. In this case, the administrator would still have the correct privileges to grant access to the doctor or nurse but the administrator would not be able to access the data.
Restricting SELECT and MODIFY privileges on an admin role is simple in CQL.
Now’s Your Chance for Total Security
Security continues to be a priority in DSE, and we’re excited for you to try the new security enhancements in DSE 6. For more information on how how to implement these new security enhancements or any of the DataStax Enterprise Advanced Security components, or to download DSE 6, please visit:
