CockroachDB helps small to large organizations manage their transactional data at global scale, with high availability, while providing multi-cloud and hybrid disaster-proofing capabilities. Many of those customers trust CockroachDB to store PII or organizationally sensitive data, and they secure it with the native data security capabilities in the product. But some needs require rethinking how one looks at data security at different kinds of scale: across different business units or teams, across multiple CockroachDB clusters, or across multiple types of data stores, including OLTP and OLAP.
And to address such challenges, we are excited to forge a partnership with Satori to provide a joint solution to our customers. Satori is a DataSecOps platform that enables companies to streamline access to sensitive data and shorten the time it takes to provide data access while enhancing security features.
Before diving into the specific challenges addressed by the joint solution, let’s run through a contextual overview of how we think about security for CockroachDB. You’ll notice that most of the “blazing fast” or “performance benchmark breaking” databases out there either treat security as a blocker to resolve, or as an afterthought. But here at Cockroach Labs, we believe that security is rooted in trust that app teams and their users place when storing their PII, PHI or other confidential data in a database, and it’s a fundamental right when using a database. To that end, our security mental model is based on 4 key pillars:
When we looked at the security features within CockroachDB and what our most security-conscious customers would need in future, we concluded that a new class of enhanced data security capabilities spanning the IAM and Data Protection & Privacy pillars would help our customers build a greater degree of trust in their database. We also realized that partnering with the awesome team at Satori would help us bring more innovative solutions, because they are focused on the relevant classes of problems across the broader OLTP and OLAP space, and a Satori partnership allows us to provide those capabilities to our customers much faster.
Customer admins can use Satori to configure fine-grained access control consisting of row and column-level security across their users in a scalable manner, while using no-code policies and using either role-based access control (RBAC) or attribute-based access control (ABAC).
Customers can also create separate database views in CockroachDB for different classes of row- and column-level controls. This approach can pose a scaling challenge, however, if the number of user classes in an organization grows, or if app teams need a mechanism to enforce similar controls across multiple clusters.
App or security teams can use Satori to configure PII or PHI data masking to set up different classes of permissive and restrictive profiles across their users and clusters in a scalable manner, again while using no-code policies. This can be combined with the fine-grained access control capability because typically the customers need to address both requirements.
Customers can also use a DIY solution that masks the data on the app or client side before writing it to CockroachDB. That can be too restrictive, however, if a minimal set of high-privileged users needs the ability to query the unmasked or anonymized data for auditing purposes. Starting with CockroachDB version 22.1, customers can alternatively use the hmac() and digest() functions from pgcrypto if they want a more localized solution.
Security / Risk teams and admins can use Satori to configure scalable data access auditing for audit information with enriched metadata and contextual information. The reason to use this capability is stronger when there are multiple clusters or different types of data stores including CockroachDB.
Customers can also use CockroachDB's SQL audit logging capability if they want a more native solution.
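The three CockroachDB-native options mentioned above (per-class views for row- and column-level control, pgcrypto hmac()/digest() masking, and SQL audit logging) can be combined on a single table. The following is an added example written for this post, not code from Cockroach Labs or Satori; the table, the roles, the region value and the `REPLACE_WITH_SECRET_KEY` placeholder are constructed for illustration.

```sql
-- Base table holding PII. Only the owning admin/auditor role reads it directly;
-- app user classes are granted access to views, never to this table.
CREATE TABLE customers (
  id      UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  email   STRING  NOT NULL,
  ssn     STRING  NOT NULL,
  region  STRING  NOT NULL,
  balance DECIMAL NOT NULL
);

-- One role per user class (constructed names).
CREATE ROLE support_eu;
CREATE ROLE analyst;

-- Row- and column-level control through a per-class view:
-- EU support agents see only EU rows and never the SSN column.
CREATE VIEW customers_support_eu AS
  SELECT id, email, region, balance
  FROM customers
  WHERE region = 'EU';

-- Masked view for analysts using pgcrypto (CockroachDB 22.1+).
-- hmac() is keyed, so a guessable value such as an SSN cannot be recovered by
-- hashing candidate inputs; digest() is unkeyed and only suitable where the
-- input is not guessable or where a plain checksum is all that is needed.
-- The key literal becomes part of the view definition, so keep the ability to
-- read view definitions restricted and rotate the key as you would any secret.
CREATE VIEW customers_analyst AS
  SELECT id,
         encode(hmac(email, 'REPLACE_WITH_SECRET_KEY', 'sha256'), 'hex') AS email_pseudonym,
         encode(hmac(ssn,   'REPLACE_WITH_SECRET_KEY', 'sha256'), 'hex') AS ssn_pseudonym,
         encode(digest(email, 'sha256'), 'hex')                          AS email_checksum,
         region,
         balance
  FROM customers;

-- Each class gets SELECT on its own view and nothing on the base table.
GRANT SELECT ON customers_support_eu TO support_eu;
GRANT SELECT ON customers_analyst    TO analyst;

-- Native SQL audit logging: every read and write against the base table is
-- recorded on the SENSITIVE_ACCESS logging channel.
ALTER TABLE customers EXPERIMENTAL_AUDIT SET READ WRITE;

-- Check: the base table should list no grants for the app roles, while each
-- view lists exactly one SELECT grant for its class.
SHOW GRANTS ON TABLE customers;
SHOW GRANTS ON TABLE customers_support_eu, customers_analyst;
```

To verify the controls end to end, connect as each role and confirm that `SELECT * FROM customers` is rejected with a privilege error while the role's own view returns the restricted or masked rows. Note how quickly this grows: every additional user class needs its own view and grant, and the whole set has to be repeated on every cluster, which is the scaling problem the post describes and the reason a central policy layer is attractive once there are many classes or clusters.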
As you can see, there are both CockroachDB-specific and Satori-integrated solutions for the requirements above. The right approach for your organization depends on your scale, use-case complexity, and maturity. Our recommendations are:
Customers can simply drop Satori's Data Access Controller (DAC) between their users and apps and the CockroachDB cluster. The Satori DAC works as a transparent proxy that applies the configured controls during both writes and reads, without any changes inside the database cluster. It just works.
Depending on their requirements, some customers may choose to route only human user traffic through the Satori DAC while letting app traffic go straight to the database clusters. Reasons for that include apps needing to see all data as-is, or wanting to avoid even the minimal latency (on the order of single-digit milliseconds) of the Satori DAC intercepting app traffic. The point is that the architecture can be flexible depending on specific needs. To ensure that the relevant traffic reaches CockroachDB only through the Satori DAC (and optionally from an app), we recommend using VPC Peering on GCP or PrivateLink on AWS, or IP allowlisting on either cloud.
The CockroachDB and Satori partnership was made in a tech heaven, because both products have similar offerings or deployment models, which fit nicely with each other:
And it’s possible to mix the offerings across CockroachDB and Satori depending on unique customer needs.
If you don't have a CockroachDB cluster yet, you can get started here. Once the cluster is set up, try out the integration in the Satori test drive. It takes less than five minutes to get up and running.
Setting up Satori with CockroachDB is super easy and requires no downtime if you follow these steps:
We also encourage you to watch this session from Satori’s Data Leader Summit where we provide an overview of the integration and showcase it through a demo.