Security by design for Aerospike Cloud
Introduction
As companies migrate workloads to the cloud and develop new cloud-native applications, CIOs and CSOs face the grim reality of maintaining a secure cloud environment that aligns with their operations and provides value to the business. Aerospike Cloud is engineered to meet these security and compliance requirements while accelerating time-to-value.
Aerospike Cloud deploys and manages Aerospike database clusters in a dedicated virtual private cloud (VPC) account with a framework that hides the complexity of securing, monitoring, and auditing database activities while enabling firms to build a secure and reliable foundation for their digital efforts in the cloud.
In The State of Cloud-native Security, published in 2022, Palo Alto Networks (not affiliated with Aerospike) reported that organizations expanded their use of cloud infrastructure by more than 25% over previous years but struggled with security, compliance, and technical complexity. Companies with a clear and robust security protocol are more likely to have low friction levels and improved workforce productivity.
This white paper explores and explains Aerospike Cloud's policies, technologies, and controls. It also describes the roles and responsibilities for operational controls and highlights how Aerospike Cloud’s security framework reduces friction and enhances productivity. For further details, please visit the Aerospike Cloud web page.
Benefits
Operational simplicity and efficiency
With Aerospike managing your database, your staff can focus on your business rather than on designing and maintaining the Aerospike deployment.
Security and access management
Enterprise-class features provide security and operational controls for authentication, authorization, auditing, and more.
Enterprise-ready
Aerospike's storage engine offers unmatched flexibility and efficiency, delivering predictable performance at petabyte scale. By leveraging in-memory indexing and efficient SSD storage, Aerospike’s Hybrid Memory Architecture (HMA) combines the speed of memory with the cost advantages of SSDs, ensuring optimal performance for large-scale enterprise applications.
Key factors in cloud security
Responsibility for cloud security is shared between users, providers, and administrators. Successful implementation of any cloud solution relies on best practices, tools, and technology. With the experience of deploying countless clusters in many different environments, from development to production, Aerospike has developed a security framework that involves human capital and technology resources that adhere to international standards, as demonstrated by the ISO 27001 and SOC 2 certifications.
Aerospike divides responsibilities for access management along the traditional lines of infrastructure and data management: Aerospike Cloud has exclusive access and control of the infrastructure, and the customer has exclusive access and control of the data. These lines are enforced through policies and tools to satisfy your data security policies.
Role-based access control (RBAC) uses a least-privileged model, limiting team members to the minimum access levels necessary for their required tasks.
Aerospike Cloud organizes access levels in a tiered system. An on-call triage team provides 24x7 responses for change requests, and an escalation team has additional expertise in infrastructure, database, and cloud management.
Network security
Aerospike Cloud follows zero-trust principles. Clusters are isolated in a secure Virtual Private Cloud (VPC). External access to the clusters is controlled through a VPC peering connection to ensure only approved applications can access the cluster. Intra-cluster communication uses Transport Layer Security (TLS) encryption for all network connections. Figure 1 illustrates the overall architecture of Aerospike Cloud, which is designed for high availability and data security.
The Aerospike Cloud network configuration has two primary channels:
Application access to Aerospike database clusters
Aerospike Cloud access to infrastructure deployed in the customer environment
Each channel has its own set of rules and configurations to isolate, optimize, and protect the communications between the different elements of the system.
Cloud Console
The Aerospike Cloud Console provides customers with a dashboard to request configuration changes to clusters. The Cloud Console also presents aggregated Aerospike metrics, allowing customers to view the high-level health, configuration, and performance of Aerospike clusters under management. For security, the Cloud Console HTTPS endpoints are protected by industry-standard TLS encryption, OpenID Connect and OAuth 2.0-based authentication and authorization, and a web application firewall with real-time monitoring.
Application access to Aerospike database clusters
Figure 2 shows the connections from the application environment to the Aerospike environment. Note that all these instances are running in the customer cloud account.
Database connections
Database connections (also known as service connections) from users and applications are only allowed from application nodes or authorized users (e.g., database administrators) to Aerospike server nodes. Traffic is encrypted with TLS and restricted using cloud firewall rules and Aerospike access control.
Aerospike Monitoring
Aerospike Cloud uses the Aerospike Observability and Management Stack to collect cluster metrics and evaluate current operating conditions in order to raise warnings and alerts. A Prometheus service running in the private subnet collects data from every host for the Aerospike Cloud operations team. It is important to note that the monitoring server only collects and stores Aerospike metrics, never the data stored within the database (which may be sensitive).
Aerospike Cloud access to infrastructure deployed in the customer account
As shown in Figure 3, Aerospike Cloud creates a secure inbound connection to access and manage the infrastructure when deployed in the customer cloud account. These secure connections employ several controls to enable secure administration of the environment, as explained shortly.
Connecting to the customer environment follows a strict, multi-step process. First, users must be authenticated, authorized, and connected to a remote virtual private network (VPN). Next, a connection is established to a bastion host (jump host) in the public subnet of the environment using public key authentication. From the bastion host, Secure Shell (SSH) connections are allowed into the admin nodes in the private subnet.
Aerospike Cloud executes automated playbooks from the admin nodes that indirectly allow the Aerospike employees to establish a connection with the other nodes through the private subnets to conduct configuration management for the cluster.
As part of the security and audit protocol, Aerospike retains audit logs of all SSH logins and the commands executed on all instances under Aerospike management for 90 days. These logs are kept in object storage within the customer cloud account and are available upon request.
Monitoring dashboard access
To monitor the proper operation of the cluster, the Aerospike Monitoring Stack requires a connection from the instrumentation in the cluster to the dashboard. Aerospike Cloud allows HTTPS connections over the public internet to an auth proxy in a public subnet; this connection protects the Aerospike Monitoring Stack used by the Aerospike staff operating the clusters. Only authorized Aerospike employees can access the monitoring dashboard, and access is limited to:
TLS connections originating from the Aerospike corporate VPN
Authentication with the Aerospike corporate directory via OpenID Connect
Database authentication and user management
Authentication is required to access the Aerospike database. Upon initial provisioning of an Aerospike cluster, Aerospike Cloud will securely share credentials with the user-admin privilege to allow customers to create and manage credentials for client applications and administrators. Customers are responsible for managing the lifecycle of the provided user admin and derivative credentials.
Aerospike Cloud separately manages the lifecycle of a subset of users who operate the database – i.e., users employed by Aerospike to manage its cloud service. Aerospike Cloud database users only have access to the configuration and metrics in the cluster. They never have access to user data; only customers have access to the data they’ve stored in their databases.
As noted earlier, all operations performed by Aerospike employees and system processes are logged in the Aerospike Audit Trail and retained in cloud object storage for 90 days (default).
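The white paper states that customers receive a user-admin credential and are then responsible for creating and managing least-privileged credentials for applications. The following is an added example, not Aerospike's own code, of how a customer might do that with the Aerospike Python client over TLS: a small policy check rejects application roles that carry administrative privileges or grants that are not scoped to a namespace, and only then are the role and user created. The host name, TLS name, CA path, namespace, set, role and user names, and the environment variable used for the admin password are all placeholders assumed for the example.

```python
"""
Added example (not Aerospike's own code): provisioning a least-privileged
application identity with the Aerospike Python client, using the user-admin
credential that Aerospike Cloud hands over at provisioning time.

Assumed placeholders: host, TLS name, CA file, namespace/set, role and user
names, and the AEROSPIKE_ADMIN_PASSWORD environment variable.
"""
import os
from typing import Dict, List

# Privileges that should never be assigned to an application identity.
# Names are the aerospike module's PRIV_* constants, kept as strings so the
# policy check below runs without the client library installed.
ADMIN_PRIVILEGES = {"PRIV_USER_ADMIN", "PRIV_SYS_ADMIN", "PRIV_DATA_ADMIN"}


def tls_client_config(host: str, tls_name: str, cafile: str, port: int = 4333) -> dict:
    """Client config that connects only to the cluster's TLS port over TLS 1.2."""
    return {
        "hosts": [(host, port, tls_name)],  # (address, tls-port, expected tls-name)
        "tls": {
            "enable": True,
            "cafile": cafile,  # CA that signed the server certificate
            "protocols": "TLSv1.2",
        },
    }


def scoped_privilege(code: str, namespace: str, set_name: str = "") -> Dict[str, str]:
    """A privilege restricted to one namespace (and optionally one set)."""
    priv = {"code": code, "ns": namespace}
    if set_name:
        priv["set"] = set_name
    return priv


def app_role(namespace: str, set_name: str, writes: bool) -> List[Dict[str, str]]:
    """Read-only or read-write access to a single namespace/set, nothing more."""
    return [scoped_privilege("PRIV_READ_WRITE" if writes else "PRIV_READ", namespace, set_name)]


def violations(privileges: List[Dict[str, str]]) -> List[str]:
    """Least-privilege lint: flag admin privileges and cluster-wide (unscoped) grants."""
    problems = []
    for p in privileges:
        if p["code"] in ADMIN_PRIVILEGES:
            problems.append(f"{p['code']} is an administrative privilege")
        if not p.get("ns"):
            problems.append(f"{p['code']} is not scoped to a namespace")
    return problems


def provision(config: dict, admin_user: str, admin_password: str,
              role_name: str, privileges: List[Dict[str, str]],
              app_user: str, app_password: str) -> None:
    """Create the role and the user with the user-admin credential; refuse if lint fails."""
    problems = violations(privileges)
    if problems:
        raise ValueError("; ".join(problems))
    import aerospike  # imported lazily: the policy check works without the client
    client = aerospike.client(config).connect(admin_user, admin_password)
    try:
        # Resolve the string names to the client's PRIV_* constants.
        resolved = [dict(p, code=getattr(aerospike, p["code"])) for p in privileges]
        client.admin_create_role(role_name, resolved)
        client.admin_create_user(app_user, app_password, [role_name])
    finally:
        client.close()


if __name__ == "__main__":
    privs = app_role("test", "demo", writes=False)
    print("lint:", violations(privs) or "ok")
    if os.environ.get("AEROSPIKE_ADMIN_PASSWORD"):  # only touch a cluster when asked to
        provision(
            tls_client_config("db.example.internal", "aerospike-server", "/etc/ssl/ca.pem"),
            "admin", os.environ["AEROSPIKE_ADMIN_PASSWORD"],
            "demo-reader", privs, "app_reader", os.environ.get("APP_PASSWORD", "change-me"),
        )
```

The lint runs before any network call, so a role definition that would hand `user-admin` or `sys-admin` to an application is rejected locally rather than discovered later in the audit trail.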
Encryption
Data is encrypted in transit and at rest. We’ll discuss each form of encryption in turn.
Encryption in transit
All Aerospike Cloud database traffic in transit is encrypted with the TLS 1.2 protocol. This includes service traffic between the application and Aerospike database instances, fabric traffic of replicated data between Aerospike Database nodes, and heartbeat traffic for clustering. Aerospike manages the TLS configuration and the certificate lifecycle.
Encryption at rest
Aerospike has two options for encrypting data stored on disk (i.e., data at rest): AES-128 encryption (the default) or AES-256 encryption. Customers consider performance and security requirements when they choose between the two. Each Aerospike namespace has a randomly generated key, distinct from other namespaces.
Encryption keys
Aerospike installs the encryption keys for both TLS and encryption at rest on server instances with automated configuration management (CM). Aerospike Cloud stores the secrets in a separately encrypted vault with AES-256 encryption. CM decrypts the secrets at runtime while installing them to the filesystem, where read access is restricted to the Linux user that runs the Aerospike database process.
Customer auditable artifacts
Aerospike Cloud maintains auditable logs from the managed environment and access logs to the database. Both are available to the customer on demand. Available artifacts include:
Access logs for database users: successful and failed authentication attempts and other system admin operations against the Aerospike database, captured by the Aerospike Audit Trail.
Access logs for Aerospike Cloud employees' access to Linux systems: sessions initiated by Aerospike Cloud.
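Because the database access logs above are available to the customer on demand, they can be fed into the customer's own detection pipeline. The following is an added example, not Aerospike's code, of two checks a security operations team would typically run over such logs: a burst of failed authentication attempts from one user and source, and an administrative operation (user or role management) performed by an identity that is not on the customer's list of expected administrators. The line layout is a constructed key=value format for illustration; it does not reproduce the real Aerospike Audit Trail format, and the users, addresses and timestamps are made up.

```python
"""
Added example (not Aerospike's code): detections over database access logs.
The log layout below is constructed for the example and is NOT the real
Aerospike Audit Trail format; a real parser would be adapted to that format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: five failed logins for one user in a few seconds, one
# sanctioned admin operation, and one admin operation by an application user.
SAMPLE_AUDIT = """\
2024-05-01T10:00:01Z user=app_reader addr=10.0.1.20 action=login result=denied
2024-05-01T10:00:03Z user=app_reader addr=10.0.1.20 action=login result=denied
2024-05-01T10:00:04Z user=app_reader addr=10.0.1.20 action=login result=denied
2024-05-01T10:00:05Z user=app_reader addr=10.0.1.20 action=login result=denied
2024-05-01T10:00:06Z user=app_reader addr=10.0.1.20 action=login result=denied
2024-05-01T10:00:09Z user=app_reader addr=10.0.1.20 action=login result=permitted
2024-05-01T10:05:00Z user=cloud_admin addr=10.0.2.5 action=create-user result=permitted
2024-05-01T10:06:00Z user=app_writer addr=10.0.1.21 action=grant-roles result=permitted
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")

# Operations that change who can do what; only designated admins should run them.
ADMIN_ACTIONS = {"create-user", "drop-user", "grant-roles", "revoke-roles",
                 "create-role", "drop-role", "set-password"}

Finding = Tuple[str, str, str, datetime]  # (rule, user, detail, timestamp)


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one constructed-format line into a dict; None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields: Dict[str, object] = dict(
        tok.split("=", 1) for tok in m.group("kv").split() if "=" in tok
    )
    fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return fields


def detect(lines: List[str], admin_allowlist: Set[str],
           fail_threshold: int = 5, window: timedelta = timedelta(seconds=60)) -> List[Finding]:
    """Return findings for failed-login bursts and admin operations by non-admins."""
    findings: List[Finding] = []
    failures: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    for event in filter(None, map(parse_line, lines)):
        user, addr, ts = str(event.get("user")), str(event.get("addr")), event["ts"]
        if event.get("action") == "login" and event.get("result") == "denied":
            # Sliding window per (user, source): keep only failures inside the window.
            recent = [t for t in failures[(user, addr)] if ts - t <= window] + [ts]
            failures[(user, addr)] = recent
            if len(recent) == fail_threshold:  # fire once when the threshold is crossed
                findings.append(("auth-failure-burst", user, addr, ts))
        if event.get("action") in ADMIN_ACTIONS and user not in admin_allowlist:
            findings.append(("unexpected-admin-op", user, str(event["action"]), ts))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_AUDIT.splitlines(), admin_allowlist={"cloud_admin"}):
        print(*finding)
```

The burst rule fires exactly once when the threshold is crossed rather than on every subsequent failure, which keeps alert volume manageable; the admin-operation rule is deliberately allowlist-based, since the white paper's model is that only the customer's designated administrators (holding the user-admin credential) should be creating users or granting roles.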
Conclusion
Digital security in the cloud is a complex process that requires training, adaptability, agility, and commitment. By working with Aerospike Cloud, firms can leverage Aerospike’s experience acquired from deploying hundreds of clusters in different environments to satisfy the demands of real-time applications. Aerospike applies rigor and discipline to Aerospike Cloud, helping firms quickly and effectively deploy a real-time data platform solution to meet their development, staging, testing, or production needs. Aerospike Cloud includes options for disaster recovery, multi-region, or multi-cloud deployments.
Corporations can direct their IT staff to focus on supporting core business initiatives by delegating deployment and operation of Aerospike in the cloud to skilled, experienced Aerospike and cloud specialists capable of delivering the highest level of security for Aerospike’s real-time data platform.
FAQs
Find answers to common questions below to help you learn more and get the most out of Aerospike.
Cloud database security refers to measures and technologies designed to protect data stored in cloud-based infrastructures from unauthorized access, breaches, and other cyber threats. It involves practices like user authentication, access control, and compliance to safeguard cloud databases effectively.
Cloud database security is essential for protecting intellectual property and sensitive data and maintaining customer trust. It helps mitigate risks like data breaches and ensures compliance with regulatory standards, which is especially critical in the cloud environment.
Advantages include scalability, encryption, and disaster recovery. Challenges often involve managing shared responsibility with cloud providers, maintaining compliance, and addressing security threats like data breaches and account hijacking.
Cloud database security works through a combination of security controls, policies, and technologies. Key steps include implementing access control, encrypting data, and setting up monitoring systems to detect and respond to threats.
Cloud providers offer foundational tools and infrastructure, such as encryption tools and compliance support. Database providers typically enhance these measures with additional features such as detailed access control, encryption management, and monitoring to address business-specific needs.
Cloud database security offers benefits such as robust encryption for data protection, scalability to handle growing data needs, and disaster recovery options ensuring business continuity in case of failure. Combining cloud provider tools with database provider features creates a comprehensive security framework.
Cloud security protects sensitive data through advanced encryption methods, access controls, and regular monitoring to prevent unauthorized access and mitigate the risk of data breaches.
Common challenges include maintaining data visibility and control, ensuring compliance with regulations, and addressing threats such as data breaches and unauthorized access in the cloud environment.
Challenges during configuration include selecting appropriate security controls, managing encryption settings, and ensuring proper monitoring to detect vulnerabilities and mitigate risks.
Major threats include API vulnerabilities, data breaches, unauthorized access, and application exploits. These threats can compromise sensitive data and disrupt operations.
Organizations can mitigate threats by implementing robust access controls, encrypting sensitive data, and leveraging tools provided by both cloud and database providers to continuously monitor for vulnerabilities.
Best practices include implementing strong access controls, encrypting data both at rest and in transit, regularly updating security policies, and performing routine backups to protect against data loss.
The shared responsibility model defines the security responsibilities of cloud providers and customers. Providers secure the cloud infrastructure, while customers and database providers collaborate to manage the security of data and applications within the cloud.
Data encryption ensures that sensitive information is protected from unauthorized access by converting it into unreadable formats, both during transmission and storage.
To secure access, organizations should change default logins, implement multi-factor authentication, enforce role-based access controls provided by database solutions, and limit user permissions based on roles and responsibilities.