Spotlight Gazzang: Data Security in the Cloud

Gazzang

Ensuring Security without Sacrificing Performance

OmniTI was engaged by a non-profit organization to improve performance while maintaining security. One challenge was the need to maintain tight security standards around the systemʼs data storage. With hundreds of machines in the system, the organization needed a way to ensure data security that could be implemented without massive changes and without sacrificing performance. To achieve this goal, OmniTI investigated a number of different solutions and chose Gazzang, a data encryption solution that works at the filesystem level.

In order to secure the data within MongoDB, we needed a solution that met the following criteria:

  • While all encryption adds overhead, we needed the performance hit to conform to tight thresholds given the 200TB (and growing) data set
  • The solution had to work in the Amazon Web Services (AWS) environment and be easily deployed across 192 MongoDB servers (64 shards)
  • We wanted the solution to be something that could be implemented without requiring modifications to MongoDB
  • And, of course, we had to have a high level of trust in the methods of data encryption that would be used

Solution

Gazzang offers zNcrypt, which adds very little overhead to disk I/O (5%). In addition, zTrustee (the management server) allows us to handle licensing centrally in our environments. Using Opscodeʼs Chef service, we were able to write a cookbook to automate deployment and configuration of zNcrypt. Whatʼs more, the solution is completely transparent to MongoDB and allows us to use access lists, which fingerprint the MongoDB binary, ensuring that only the mongod process can access the encrypted files.

Benefits

As a result of this work, the data stored on disk is encrypted, which means the client is now in a position to apply for industry SOC certifications. The I/O performance impact was well within expected parameters, ensuring seamless future growth. In addition, OmniTI was able to work with the engineers at Gazzang to optimize and improve the core product, making sure that performance scales up on large architectures.

OmniTI made it easier to meet the customerʼs high security standards without sacrificing performance.

~ Eddie Garcia, VP, Information Security and Services, Gazzang.