Safeguarding Your Kafka Data with Encryption-at-rest

Kafka Summit London 2024

Data privacy is a crucial issue in today's world: from medical to finance, from retail to the public sector, data must be handled in accordance with national laws, corporate policies and industry best practices. Being able to ensure data is safe at all times is now a requirement in many use cases.

We’ll start by looking at the threat models that Apache Kafka users often have and requirements such as end-to-end and record encryption. We’ll cover why Apache Kafka’s built-in security features, such as authentication and wire-level encryption, don’t address them. We’ll then look at the various solutions we investigated, weighing their architectural pros and cons.

We’ll detail the solution we ended up building, which is an entirely open-source end-to-end encryption mechanism using an L7 proxy for Apache Kafka. We’ll describe in detail some of the key concepts of our implementation as well as some pitfalls we hit, so attendees can learn to safeguard their data’s confidentiality, integrity and availability.

