Reputation: 754
Securing an individual column in Cassandra
We want our developers to be able to query our Cassandra tables in production (for trouble shooting and other analysis). However, we don't want them seeing secure data like e-mail addresses and names of customers.
I've thought about creating a MATERIALIZED VIEW in Cassandra that selects then entire table except for the sensitive columns. Then I could grant developers SELECT access on the view, but not the main table.
Is that the best way to secure a column in Cassandra?
Someone else I know suggested just encrypting those columns using a data-encrypt feature that our application already has. We would encrypt a field into a string of Hex codes before giving it to Cassandra to store. That would have an added benefit of encrypting the data at-rest in the Cassandra sstable and commit log. BUT if that field is encrypted, then Cassandra can't see the true value of that field, and that could be a big problem for ORDER BY or other CQL comparison functions.
How are most people securing data in Cassandra? :)
Upvotes: 3
Views: 1452
Answers (1)
Reputation: 1381
There is no one right answer to this today. In addition to encryption or views, another approach would be to basically normalize the data, and store the sensitive data in a separate table and/or keyspace.
DataGuise's DgSecure is a commercial product which offers masking capabilities for NoSQL, including Cassandra. There seems to be little information other than press releases available about it.
Upvotes: 0
Related Questions
- Static column in Cassandra
- Is it possible to restrict users to view only a specific set of columns in Cassandra?
- Cassandra - unique constraint on row key
- Securing Cassandra Database on AWS
- Columnwise data hiding in cassandra
- Is it possible to have authentication on keyspaces in Cassandra?
- Cassandra Data Integrity
- Cassandra access control
- How to make Cassandra have a varying column key for a specific row key?
- Column filtering in cassandra