Kafka security & compliance to reduce risk for your streaming data projects
Sure, you may have secure Kafka infrastructure, but dropping your guard on data operations in Kafka spells disaster: breaching compliance, outages, or worse - finding your data for sale on Craigslist.
Do you have a “don’t look, don’t tell” approach to Kafka security?
Onboarding critical data to Apache Kafka can get messy - leading to your security teams asking you: what decade are these security controls from?
How can you make sure users can access the right Kafka resources, so you can get your project to production and not worry about a 3am call from your infosec team?
Why secure your Kafka data operations?
Reduce Risk
A single endpoint to operate Kafka means a smaller attack surface.
Get to production faster
Get the all-clear from your compliance team with identity and access management.
Speed up breach response
Kafka observability & user activity audits get you ready for an incident response.
“We are a healthcare company, the integration with Okta, RBAC and audit features are key for us and allow us to open up the platform to wider teams”
Lead Data Operations Engineer, Jeremy Frenay
Apache Kafka security best practices, with comprehensive compliance
How can we control data access and platform operations?
More fine-grained than ACLs, use Lenses unified security model over a UI and API to provide flexible access management.
How can we send data operations audits into my SIEM?
Generate audits for all user operations and integrate them with 3rd party SIEM systems such as Splunk.
How can we discover data and mask fields to meet compliance?
Intelligently detect metadata across your applications, connectors and data streams, and then configure pseudonymization.
How can I best authenticate my users to meet compliance?
Authenticate and authorize users via pre-built integrations with top Identity SSO Providers including Okta, Keycloak, OneLogin & Google SSO
How can we make our Kafka data platform multi-tenant?
Protect data access in Kafka, Elasticsearch and Postgres, Kafka Connect data integration connectors and more, all with namespaces!
Kafka security architecture
Kafka security & compliance components
ALERT RULES & NOTIFICATIONS
FINE GRAINED PERMISSIONS
CHANGE MANAGEMENT
AUDIT
LOGS
REGULATIONS &
COMPLIANCE
IDENTITY
PROVIDERS
SECRET
MANAGEMENT
Case Study
Leading the Swedish savings market by safely liberating Kafka data
How did investment platform Avanza win > 1 million customers by enabling developers with a secure data platform?
Key data protection regulations?
Covered:
GDPR
SEC
CCPA
HIPAA
PCI/DSS
