OmniTI was engaged by a non-profit organization to improve performance while maintaining security. One of the challenges of this system was the need to maintain tight security standards around the systemʼs data storage needs. With hundreds of machines in their system, they needed a way to ensure data security that could be implemented without massive changes and without sacrificing performance. To achieve this goal, OmniTI investigated a number of different solutions and chose to use Gazzang, a data encryption solution that works at the filesystem level.
In order to secure the data within MongoDB, we needed a solution that met the following criteria:
Gazzang offers zNcrypt, which extends very low performance impact to disk IO (5%). In addition, zTrustee (the management server) allows us to handle licensing centrally in our environments. Using Opscodeʼs Chef service, we were able to write a cookbook to automate deployment and configuration of zNcrypt. Whatʼs more, the solution is completely transparent to MongoDB and allows us to use access lists, which fingerprint the MongoDB binary, ensuring that only the mongod process can access the encrypted files.
Because of the work done, the data stored on disk is encrypted, which means the client is now in position to apply for industry SOC certifications; and IO performance impact was well within expected parameters, ensuring seamless future growth. In addition, OmniTI was able to work with the engineers at Gazzang to optimize and improve the core product, making sure that performance scales up on large architectures.
OmniTI made it easier to meet the customerʼs high security standards without sacrificing performance.
~ Eddie Garcia, VP, Information Security and Services, Gazzang.