Toggle Menu

DataStax Enterprise Advanced Security

Mimimize Risk

Minimize Risk

Unified authentication, parameterized statements, and SSL-enabled drivers allow you to minimize risk exposure, increase transparency and control, and prevent things like SQL Injection attacks.

Achieve Granular Access Control

Achieve Granular Access Control

Client-to-node encryption, node-to-node encryption, and transparent data encryption, combined with the ability to easily manage user permissions, ensure no improper access to data.

Ensure Compliance

Ensure Compliance

Enhanced data auditing and reporting along with end-to-end encryption and redaction of sensitive application data enable you to easily comply with regulatory standards like PCI, SOX, HIPAA, and GDPR.

Advanced Security In Action

Separation of Duties

Separation of Duties

There are many cases where administrators need full control of the database but should not have access or visibility to the data itself. For example, imagine a doctor or nurse who requires access to sensitive medical data. In this case, the administrator would still have the correct privileges to grant access to the doctor or nurse but the administrator would not be able to access the data.

Auditing by Role

Auditing by Role

Traditionally, auditing in DSE was controlled by which respective database object you wanted to keep track of. Having role-based auditing greatly reduces the audit trail, since most administrators want to keep track of human activity rather than machine-generated activity.

Key Features

Unified Authentication and Role Management

Allows our customers to easily integrate their existing Kerberos, LDAP, and Active Directory users and schemes across the DataStax Enterprise product suite.

Data Auditing

Gives administrators the ability to understand “who looked at what, when” and “who changed what, when”, which is crucial for meeting many security compliance standards.

Row Level Access Control and Proxy Auth

Restricts which rows a user has access to within a table while preserving client-side identities and privileges in middleware such as web servers.

Permission Management

Use GRANT/REVOKE paradigm and Active Directory/LDAP to assign access permissions.