Today, Kafka is used in production by more than a third of the Fortune 500 with a few entities (ie Linkedin, Microsoft, and Netflix) processing more than one TRILLION Kafka messages a day per TechRebublic. Despite its success and criticality, Apache Kafka is the Wild Wild West without security.
With a standard Kafka setup, any user or application can read/write any message from/to any topic and you get coarse-grained access control (ie SASL/PKI, ACL). Security needs to be designed-in, especially with many organizations and applications sharing the same Kafka cluster, and with clusters storing confidential and sensitive information. With Octarine, you get the following key capabilities:
Gain insights into all “pub-sub” activity such as topology / policy visualization for forensics, and threat / policy violations for security mitigation and compliance via a single panel of glass.
All data in motion should be encrypted (ie between producers / consumers and Kafka brokers) and all entities and messages should be cryptographically verified.
Authenticate each producer, consumer, and broker with an unique, persistent identity as a basis for authorization. Take advantage of a whitelist policy to ensure whether a client is authorized to read / write to a topic.
Octarine’s application-level security platform ensures you know exactly what’s
happening within and among your Kafka clusters and can enforce effective policies that
keep your data private and protected. It doesn’t matter how or where you’ve deployed
your Kafka cluster – in public or private clouds, using VMs or containers. Octarine can
keep all your Kafka clusters secure to prevent any unauthorized activity or data
exfiltration. Ultimately, the new perimeter is enforced at the microservices