Confluent Cloud equips teams with the complete set of enterprise-grade tools needed to build and launch data-in-motion apps faster while upholding strict security and compliance requirements.
Confluent encrypts all data-at-rest by default, and Bring Your Own Key (BYOK) encryption provides a further option for data-at-rest. All network traffic to clients (data-in-motion) is encrypted with TLS 1.2.
BYOK lets you encrypt data-at-rest with your own custom key and gives you more control to disable access, should the need ever arise.
Confluent clusters are accessible through internet endpoints using secure TLS connections. We also provide secure private networking options, including VPC/VNet peering, AWS PrivateLink, Azure Private Link, and AWS Transit Gateway.
A VPC/VNet peering connection is a networking connection between your VPC/VNet and Confluent Cloud that enables you to route traffic using private IPv4 addresses. VPCs/VNets can communicate with each other as if they are within the same network.
AWS PrivateLink and Azure Private Link allow one-way secure connections from your VPC/VNet to Confluent Cloud, with added protection against data exfiltration. These networking options are popular for their unique combination of security and simplicity of setup.
AWS Transit Gateway connects your VPC to Confluent Cloud through a central hub. This simplifies your network and puts an end to complex, full mesh peering relationships. It acts as a cloud router, with each new connection made only once.
Confluent provides SAML/SSO so you can utilize your preferred identity provider to authenticate user logins to Confluent Cloud.
You have granular access control across your cloud Kafka deployment through service accounts and access control lists (ACLs) in order to gate application access to critical Kafka resources like topics and consumer groups. Whether managing a small deployment or operating at scale, Role-Based Access Control allows you to easily assign permissions to your users based on logical roles.
Set role-based permissions per user to gate management access to critical resources like production environments, sensitive clusters, and billing details. New users can be easily onboarded with specific roles as opposed to broad access to all resources.
It’s critical to keep a close eye on who is touching your data and what exactly they’re doing with it. The Confluent API, CLI, and GUI are protected with strict security considerations. Additionally, Audit Logs are available to assist with identification of potential anomalies and bad actors.
Track user and application resource access events through a specific Kafka topic that you can consume in real time like any other Kafka topic, then analyze and audit them within your service of choice, such as third-party tools like Splunk or Elastic. Audit Logs are enabled by default, so you don’t have to take any action to set them up.
Every minute you spend managing Kafka or developing security controls that are not core to your business is time taken away from building impactful customer experiences and products. Ready to start using the most secure cloud service for data in motion?