This is an automated email from the ASF dual-hosted git repository.
blerer pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra-website.git
commit 395d33b7d5b38e06754c71210ec9a6577beac6f4
Author: Diogenese Topper <diotop...@gmail.com>
AuthorDate: Thu Jan 27 13:50:02 2022 -0800
January 2022 blog "Tightening Security for Apache Cassandra Part: 1"
patch by Maulin Vasavada, Diogenese Topper; reviewed by Eric Ramirez for
CASSANDRA-17317
Add blog post titled "Tightening Security for Apache Cassandra Part: 1"
update blog index
add 2 images for blog
---
.../modules/ROOT/images/blog/emarketer-chart.png | Bin 0 -> 232196 bytes
.../images/blog/tighten-security-p1-unsplash.jpg | Bin 0 -> 199281 bytes
site-content/source/modules/ROOT/pages/blog.adoc | 24 +++++++++++
...ening-Security-for-Apache-Cassandra-Part-1.adoc | 45 +++++++++++++++++++++
4 files changed, 69 insertions(+)
diff --git a/site-content/source/modules/ROOT/images/blog/emarketer-chart.png
b/site-content/source/modules/ROOT/images/blog/emarketer-chart.png
new file mode 100644
index 0000000..c9d1a60
Binary files /dev/null and
b/site-content/source/modules/ROOT/images/blog/emarketer-chart.png differ
diff --git
a/site-content/source/modules/ROOT/images/blog/tighten-security-p1-unsplash.jpg
b/site-content/source/modules/ROOT/images/blog/tighten-security-p1-unsplash.jpg
new file mode 100644
index 0000000..bb83160
Binary files /dev/null and
b/site-content/source/modules/ROOT/images/blog/tighten-security-p1-unsplash.jpg
differ
diff --git a/site-content/source/modules/ROOT/pages/blog.adoc
b/site-content/source/modules/ROOT/pages/blog.adoc
index 671e40b..a848978 100644
--- a/site-content/source/modules/ROOT/pages/blog.adoc
+++ b/site-content/source/modules/ROOT/pages/blog.adoc
@@ -14,6 +14,30 @@ NOTES FOR CONTENT CREATORS
[openblock,card-header]
------
[discrete]
+=== Tightening Security for Apache Cassandra: Part 1
+[discrete]
+==== January 31, 2022
+------
+[openblock,card-content]
+------
+The growth in ecommerce has demanded a greater focus on data security, Maulin
Vasavada begins a mini-series on how to customize SSL/TLS configurations to
tighten security in Cassandra 4.0+.
+
+[openblock,card-btn card-btn--blog]
+--------
+[.btn.btn--alt]
+xref:blog/Tightening-Security-for-Apache-Cassandra-Part-1.adoc[Read More]
+--------
+
+------
+----
+//end card
+
+//start card
+[openblock,card shadow relative test]
+----
+[openblock,card-header]
+------
+[discrete]
=== Apache Cassandra Changelog #11
[discrete]
==== January 18, 2022
diff --git
a/site-content/source/modules/ROOT/pages/blog/Tightening-Security-for-Apache-Cassandra-Part-1.adoc
b/site-content/source/modules/ROOT/pages/blog/Tightening-Security-for-Apache-Cassandra-Part-1.adoc
new file mode 100644
index 0000000..e78ecc5
--- /dev/null
+++
b/site-content/source/modules/ROOT/pages/blog/Tightening-Security-for-Apache-Cassandra-Part-1.adoc
@@ -0,0 +1,45 @@
+= Tightening Security for Apache Cassandra: Part 1
+:page-layout: single-post
+:page-role: blog-post
+:page-post-date: January, 31 2022
+:page-post-author: Maulin Vasavada
+:description: The Apache Cassandra Community
+
+image::blog/tighten-security-p1-unsplash.jpg[secure lock and chain across a
door]
+
+Image credit: https://unsplash.com/@thommilkovic[Thom Milkovic on Unsplash^]
+
+This series will show you how Apache Cassandra 4.0+ enables users to customize
SSL/TLS configuration flexibly and enhance the database’s security posture.
First, we will start with some context before diving into the technical details.
+
+According to eMarketer’s
https://www.emarketer.com/content/us-ecommerce-forecast-2021[forecast in
2021^]: “US e-commerce sales are projected to continue to grow by double
digits, up 17.9% in 2021 to $933.30 billion. E-commerce penetration will
continue to increase, more than doubling from 2019 to 23.6% in 2025.” While
eMarketer’s data is only for the US, the global trend is seeing a similar
upward swing. With this growth in buying online, there is an increased focus on
security and how t [...]
+
+image::blog/emarketer-chart.png[eMarketer chart]
+[#img-ecommerce]
+The growth in ecommerce also demands software that's both secure and scalable.
+
+=== Adoption of Apache Cassandra & Securing Data
+
+Apache Cassandra is the open source NoSQL database for mission-critical data.
Its adoption grows day-by-day in the industry, and it’s used by all sizes of
organizations serving varied technical and business domains, such as IT
Financial Services, Healthcare, Retail, Government, and Education, to name a
few. You can find some
xref:blog/Apache-Cassandra-Usage-Report-2020.adoc[interesting statistics] from
the 2020 survey about Apache Cassandra’s usage in the industry.
+
+As the web traffic grows for business-to-consumer interactions, service
providers need to ensure customer data is securely protected and the backing
software can scale to handle growing demand without outages. Service providers
use various technologies to support their business functions such as Online
Transaction Processing (OLTP), serving internal analytical needs for customer
insights, running risk and fraud detection systems, etc. As traffic grows, each
sub-system and technology will [...]
+
+Primarily there are two avenues to consider for securing data: data in transit
and data at rest.
+
+Data in transit refers to the data traveling between computers over the
network (sometimes referred as ‘over-the-wire’). For example, a customer’s
credit card details travel to the service provider for payment processing, and,
of course, customers expect that to be done securely.
+
+Data at rest refers to the data digitally stored for durability. Like data in
transit, data at rest needs to be secured with appropriate access control
mechanisms and data encryption.
+
+In this series, we’re focused on securing data in transit. We will cover the
security aspects in more detail in Part 2, but first, a few basics of security
followed by how Apache Cassandra enables operators with configurable options
for securing data in transit, meaning between client nodes and Cassandra server
nodes and from server to server.
+
+
+=== Using TLS to secure data-in-transit
+
+TLS (Transport Layer Security) is an industry-standard cryptographic protocol
to secure data over the wire between two computers. Typically, this is between
a web server and a browser. It is a successor of SSL (Secure Socket Layer)
protocol and many times you would notice SSL and TLS are used interchangeably
by technologists for higher-level discussions. Here are some good
https://www.internetsociety.org/deploy360/tls/basics/[guides^] for learning
about TLS basics and understanding the h [...]
+
+TLS requires the server to have an asymmetric key pair
https://protonmail.com/blog/tls-ssl-certificate/#What-is-a-TLS-certificate[digital
certificate^]. This enables the client to trust the server is what it claims
to be, but the server will trust any client. In order to limit which clients
the server trusts, you must provide the server with a similar certificate for
each allowed client so the server can
https://aboutssl.org/ssl-tls-client-authentication-how-does-it-works/[authenticate
a [...]
+
+Apart from some https://www.internetsociety.org/deploy360/tls/basics/[higher
level challenges^] with TLS, there are also operational challenges you will
need to consider, which we will cover in Part 2. Next time, we will look at
storing your private key and password, credential rotations, operations at
scale, and how to configure TLS/mTLS on the server-side.
+
+=== Want to learn more about Apache Cassandra’s security features?
+
+Head to our
https://cassandra.apache.org/doc/trunk/cassandra/operating/security.html[Security
documentation] section for more details.
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
