This is an automated email from the ASF dual-hosted git repository. blerer pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/cassandra-website.git
commit 395d33b7d5b38e06754c71210ec9a6577beac6f4 Author: Diogenese Topper <diotop...@gmail.com> AuthorDate: Thu Jan 27 13:50:02 2022 -0800 January 2022 blog "Tightening Security for Apache Cassandra Part: 1" patch by Maulin Vasavada, Diogenese Topper; reviewed by Eric Ramirez for CASSANDRA-17317 Add blog post titled "Tightening Security for Apache Cassandra Part: 1" update blog index add 2 images for blog --- .../modules/ROOT/images/blog/emarketer-chart.png | Bin 0 -> 232196 bytes .../images/blog/tighten-security-p1-unsplash.jpg | Bin 0 -> 199281 bytes site-content/source/modules/ROOT/pages/blog.adoc | 24 +++++++++++ ...ening-Security-for-Apache-Cassandra-Part-1.adoc | 45 +++++++++++++++++++++ 4 files changed, 69 insertions(+) diff --git a/site-content/source/modules/ROOT/images/blog/emarketer-chart.png b/site-content/source/modules/ROOT/images/blog/emarketer-chart.png new file mode 100644 index 0000000..c9d1a60 Binary files /dev/null and b/site-content/source/modules/ROOT/images/blog/emarketer-chart.png differ diff --git a/site-content/source/modules/ROOT/images/blog/tighten-security-p1-unsplash.jpg b/site-content/source/modules/ROOT/images/blog/tighten-security-p1-unsplash.jpg new file mode 100644 index 0000000..bb83160 Binary files /dev/null and b/site-content/source/modules/ROOT/images/blog/tighten-security-p1-unsplash.jpg differ diff --git a/site-content/source/modules/ROOT/pages/blog.adoc b/site-content/source/modules/ROOT/pages/blog.adoc index 671e40b..a848978 100644 --- a/site-content/source/modules/ROOT/pages/blog.adoc +++ b/site-content/source/modules/ROOT/pages/blog.adoc @@ -14,6 +14,30 @@ NOTES FOR CONTENT CREATORS [openblock,card-header] ------ [discrete] +=== Tightening Security for Apache Cassandra: Part 1 +[discrete] +==== January 31, 2022 +------ +[openblock,card-content] +------ +The growth in ecommerce has demanded a greater focus on data security, Maulin Vasavada begins a mini-series on how to customize SSL/TLS configurations to tighten security in Cassandra 4.0+. + +[openblock,card-btn card-btn--blog] +-------- +[.btn.btn--alt] +xref:blog/Tightening-Security-for-Apache-Cassandra-Part-1.adoc[Read More] +-------- + +------ +---- +//end card + +//start card +[openblock,card shadow relative test] +---- +[openblock,card-header] +------ +[discrete] === Apache Cassandra Changelog #11 [discrete] ==== January 18, 2022 diff --git a/site-content/source/modules/ROOT/pages/blog/Tightening-Security-for-Apache-Cassandra-Part-1.adoc b/site-content/source/modules/ROOT/pages/blog/Tightening-Security-for-Apache-Cassandra-Part-1.adoc new file mode 100644 index 0000000..e78ecc5 --- /dev/null +++ b/site-content/source/modules/ROOT/pages/blog/Tightening-Security-for-Apache-Cassandra-Part-1.adoc @@ -0,0 +1,45 @@ += Tightening Security for Apache Cassandra: Part 1 +:page-layout: single-post +:page-role: blog-post +:page-post-date: January, 31 2022 +:page-post-author: Maulin Vasavada +:description: The Apache Cassandra Community + +image::blog/tighten-security-p1-unsplash.jpg[secure lock and chain across a door] + +Image credit: https://unsplash.com/@thommilkovic[Thom Milkovic on Unsplash^] + +This series will show you how Apache Cassandra 4.0+ enables users to customize SSL/TLS configuration flexibly and enhance the database’s security posture. First, we will start with some context before diving into the technical details. + +According to eMarketer’s https://www.emarketer.com/content/us-ecommerce-forecast-2021[forecast in 2021^]: “US e-commerce sales are projected to continue to grow by double digits, up 17.9% in 2021 to $933.30 billion. E-commerce penetration will continue to increase, more than doubling from 2019 to 23.6% in 2025.” While eMarketer’s data is only for the US, the global trend is seeing a similar upward swing. With this growth in buying online, there is an increased focus on security and how t [...] + +image::blog/emarketer-chart.png[eMarketer chart] +[#img-ecommerce] +The growth in ecommerce also demands software that's both secure and scalable. + +=== Adoption of Apache Cassandra & Securing Data + +Apache Cassandra is the open source NoSQL database for mission-critical data. Its adoption grows day-by-day in the industry, and it’s used by all sizes of organizations serving varied technical and business domains, such as IT Financial Services, Healthcare, Retail, Government, and Education, to name a few. You can find some xref:blog/Apache-Cassandra-Usage-Report-2020.adoc[interesting statistics] from the 2020 survey about Apache Cassandra’s usage in the industry. + +As the web traffic grows for business-to-consumer interactions, service providers need to ensure customer data is securely protected and the backing software can scale to handle growing demand without outages. Service providers use various technologies to support their business functions such as Online Transaction Processing (OLTP), serving internal analytical needs for customer insights, running risk and fraud detection systems, etc. As traffic grows, each sub-system and technology will [...] + +Primarily there are two avenues to consider for securing data: data in transit and data at rest. + +Data in transit refers to the data traveling between computers over the network (sometimes referred as ‘over-the-wire’). For example, a customer’s credit card details travel to the service provider for payment processing, and, of course, customers expect that to be done securely. + +Data at rest refers to the data digitally stored for durability. Like data in transit, data at rest needs to be secured with appropriate access control mechanisms and data encryption. + +In this series, we’re focused on securing data in transit. We will cover the security aspects in more detail in Part 2, but first, a few basics of security followed by how Apache Cassandra enables operators with configurable options for securing data in transit, meaning between client nodes and Cassandra server nodes and from server to server. + + +=== Using TLS to secure data-in-transit + +TLS (Transport Layer Security) is an industry-standard cryptographic protocol to secure data over the wire between two computers. Typically, this is between a web server and a browser. It is a successor of SSL (Secure Socket Layer) protocol and many times you would notice SSL and TLS are used interchangeably by technologists for higher-level discussions. Here are some good https://www.internetsociety.org/deploy360/tls/basics/[guides^] for learning about TLS basics and understanding the h [...] + +TLS requires the server to have an asymmetric key pair https://protonmail.com/blog/tls-ssl-certificate/#What-is-a-TLS-certificate[digital certificate^]. This enables the client to trust the server is what it claims to be, but the server will trust any client. In order to limit which clients the server trusts, you must provide the server with a similar certificate for each allowed client so the server can https://aboutssl.org/ssl-tls-client-authentication-how-does-it-works/[authenticate a [...] + +Apart from some https://www.internetsociety.org/deploy360/tls/basics/[higher level challenges^] with TLS, there are also operational challenges you will need to consider, which we will cover in Part 2. Next time, we will look at storing your private key and password, credential rotations, operations at scale, and how to configure TLS/mTLS on the server-side. + +=== Want to learn more about Apache Cassandra’s security features? + +Head to our https://cassandra.apache.org/doc/trunk/cassandra/operating/security.html[Security documentation] section for more details. --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org