[Webinar] How to Protect Sensitive Data with CSFLE | Register Today
Ensure confidentiality, compliance and secure access for Apache Kafka®
Confluent Platform completes Kafka with enterprise-grade security capabilities to ensure confidentiality of critical information, traceability of user actions and secure access to resources with scalability and standardization.
Features
Secret Protection
Secret Protection safeguards all critically sensitive information (e.g passwords and tokens) within Kafka with at-rest encryption of configuration files. It encrypts not only Kafka files, but any config file published to Kafka.
Structured Audit Logs
Structured Audit Logs captures authorization logs in a set of dedicated Kafka topics, on a local or a remote cluster. Use Kafka native tools, such as ksqlDB, to process and analyse, or offload to external systems using Confluent connectors.
Role-Based Access Control
RBAC is a centralized implementation for secure access to Kafka resources with fine-tuned granularity and platform-wide standardization. Control permissions by users/groups to clusters, topics, consumers groups and even individual connectors.
OAuth/OIDC Support
Streamline authentication by managing application identities and credentials through your own OIDC identity provider with OAuth, an industry standard for authentication. Map groups of identities to your RBAC and access control list (ACL) policies.
Ensure confidentiality and compliance
Protect critically sensitive information
Avoid risk by ensuring that confidential information, such as user passwords, is only visible to authorized users. Secret Protection provides:
- At-rest encryption for any configuration file published to Kafka
- Support across all Confluent Platform components (Connect, ksqlDB, Schema Registry, REST Proxy and Control Center)
Streamline authentication with industry-leading standards
Enhance security while reducing operational burden by managing application identities and credentials through your own OIDC identity provider. OAuth is an industry standard for providing authentication that allows you to:
- Enhance security by accessing your resources and data without sharing or storing user credentials
- Streamline authentication with one source of identity by bringing your identity provider, and mapping groups to your RBAC or access control list (ACL)
- Maintain compliance without sacrificing efficiency by authenticating with industry-leading standards
Trace user actions to conduct forensics
Capture the actions taken by users to detect abnormal behavior, identify potential security threats, and address compliance requirements related to information security. Structured Audit Logs allows you:
- Store authorization logs in dedicated Kafka topics
- Manage the type of logs that need to be traced
- Process and analyze using ksqlDB, or offload to external systems using Confluent sink connectors.
To provide industry-backed standardization, Structured Audit Logs uses the CloudEvents specification to define the log syntax.
Enable granular access to critical resources
Enable secure, efficient use of resources
Control permissions by users and groups to shared platform resources, such as clusters, topics, and even individual connectors. RBAC allows you to run multi-tenant clusters, allowing for more scalable operations and more efficient use of resources.
Integrate with identity providers
RBAC integrates with existing security authorization systems (OAuth/OIDC) to allow you to naturally handle permissions using a common user inventory across existing IT systems. With support for OAuth, you can leverage your own identity provider and centralize identity management across applications and deployments.
Simplify enterprise-scale Kafka operations
Scale Kafka security management efficiently
Delegate the responsibility of managing access permissions to true resource owners, such as departments and business units. RBAC helps you scale Kafka more efficiently, because it spreads the operational load of managing authorization across a variety of users, which eliminates bottlenecks.
Manage Kafka centrally and visually
Simplifies security management across your organization by using Control Center to view your own permissions, as well as manage role bindings for your downstream stakeholders.
Standardize security across the platform
Leverage a single framework to centrally manage and enforce security authorization across the entire Confluent Platform to ensure security at scale. RBAC delivers comprehensive authorization enforced via:
- All user interfaces: GUI, CLI, and APIs
- All Confluent Platform components: Control Center, Kafka Connect, ksqlDB, Schema Registry, and REST Proxy.