Gazzang for Couchbase Server

Data in Couchbase server may contain either sensitive, protected information or key intellectual property. Typically, this information is distributed throughout the cluster calling for the underlying data files to be protected. Gazzang for Couchbase offers a powerful, policy-driven solution that enables you to encrypt your data stored in Couchbase Server. With Gazzang, data files in Couchbase Server are encrypted on disk. This ensures that your data is not compromised if your database is stolen, copied, lost, or otherwise improperly accessed.

Why encrypt your data in Couchbase Server?

Imagine that you’re building an online shopping app. Your app may store different kinds of information in Couchbase - customer names and physical addresses, email address, purchase patterns from stores, browsing patters from the web store or even geo location data for the physical location of the store. In this scenario, physical addresses combined with user credential information represent a significant risk – both against compliance regulations and data breach laws.

To mitigate these risks, you can use Gazzang to transparently encrypt your Couchbase data files on disk. There are no changes necessary to your app, storage or data. Your data remains secure and your app continues to enjoy the benefits of Couchbase Server.

What Gazzang and Couchbase Provide

Couchbase Server provides easy scalability, low-latency document access, indexing and querying of JSON documents and real-time analytics with incremental MapReduce.

Gazzang provides transparent data encryption and crypto key management for your data stored in Couchbase through zEncrypt and zTrustee.

Gazzang zNcrypt™

  • Transparent encryption for data at rest
  • Maximum flexibility and scalability regardless of the size or location of your deployment
  • Tested and benchmarked on Couchbase with minimal performance impact

Gazzang zTrustee

  • Policy-based key management for Gazzang zNcrypt
  • Manages other keys, tokens, certificates and other security-related objects
  • Keys are stored separate from the encrypted data
  • Features robust, multi-layered access controls and policies

High-Level Architecture

Gazzang zNcrypt encrypts Couchbase data on the fly as it’s written to disk and decrypts the data only when fetched by an authorized process. No modifications to your Couchbase application, data or storage are necessary, and the encryption, especially when done at the block device level, is extremely fast. Gazzang zTrustee ensures the crypto keys are separated from the encrypted data and enforces multi-layered policies that prevent unauthorized processes or users including cloud/OS admins.

Getting Started with Couchbase Server and Gazzang

To get started with Couchbase Server and Gazzang: