Secure Apache Kafka® with Confluent

  • Protect your data with granular access controls and real-time monitoring
  • Minimize risk of security breaches with secure and automated cluster provisioning
  • Stream with cloud-native agility while maintaining global privacy and regulatory compliance

Secure resources

Oct 7

Secure Apache Kafka in Confluent Cloud

Make Apache Kafka Secure with Confluent

Oct 15

Confluent Cloud Security Overview

Introduction to Confluent Cloud security

Oct 22

Confluent Cloud Security Demo

Learn how easy it is to secure Apache Kafka in the cloud

Nov 6

What's New in Confluent Cloud Security

Learn about RBAC, Audit Logs, and BYOK in Confluent Cloud

Why Apache Kafka® security matters

Protect data with granular access controls & real-time monitoring

Problem: Democratizing data and event streams across a company introduces the requirement to deploy access controls and policy enforcement at scale for both users and applications. This is not available with open source Apache Kafka and requires custom tooling that can delay applications from moving to production by months if not years.

  • Establish scalable and centralized role and privilege definitions for users and apps across your event streaming platform with Role-Based Access Controls (RBAC)
  • Gain real-time insights into platform authorization logs and other security events with Audit Logs to quickly take action and deal with suspicious activity

Minimize risk of security breaches with automated provisioning

Problem: Defining configurations that meet an organization's data security and configuration requirements for Kafka and its complete ecosystem can be a process that takes months, if not years. This can indefinitely delay launch of value generating applications as well as reduce overall developer productivity due to lack of secure resources to build event-driven applications.

  • Reduce risk of data leaks with automated cluster provisioning options that include best-practice configurations and implement least-privilege principles by default, with self-serve provisioning in Confluent Cloud and with Confluent Operator and Ansible in Confluent Platform
  • Add security layers to Confluent Cloud as part of provisioning with private networking options (including VPC/VNet peering, AWS Transit Gateway and AWS PrivateLink) and customer-managed encryption keys for data at rest on Dedicated clusters

Confidently stream with global privacy and regulatory compliance

Problem: Security and compliance are top-of-mind concerns for both business and technical leaders as applications are built or modernized in the cloud. Adopting best-of-breed technologies can be operationally complex without a managed service that can be trusted in terms of reliability, security and compliance. If a service does not check all the boxes, companies are forced to self-manage clusters instead of focusing on the app development activities that generate business value.

  • Focus on app development and confidently stream using Kafka with Confluent’s fully managed service designed to be secure from the start and whose security controls & operational practices have been validated with SOC I, III & ISO 27001 certifications
  • Effortlessly maintain data privacy and regulatory requirements across the entire globe with a fully managed service available across 40+ regions on AWS, Azure and Google Cloud.

Confluent Benefits

Reduce risk of unwanted access

Leverage RBAC and Audit logs to protect and monitor Kafka ecosystem access

Secure data from the start

Implement data security best-practices from the start with automated cluster provisioning and private connections

Meet global security standards

Scale applications without regional limitations with compliance and data privacy built into the platform


  • New Preview

    Role-Based Access Controls (RBAC)

    Scalable granular access controls for environments and cluster

  • New Preview

    Audit Logs

    Capture and preserve authorization activity into Kafka

  • New Preview (AWS)

    Bring Your Own Key

    Manage your own encryption keys for at-rest data on Dedicated clusters.

  • New Available

    AWS PrivateLink

    Establish private connectivity between your clients and Dedicated clusters with AWS PrivateLink

  • Available


    SOC 1/2/3, ISO 27001, PCI, CSA Star level 1, GDPR/CCPA readiness, HIPAA readiness

  • Available

    Role Based Access Controls (RBAC)

    Scalable granular access controls for cluster and topics

  • Preview

    Audit Logs

    Capture and preserve authorization activity into Kafka

  • Available

    Secret Management

    Systematically prevent storing sensitive information such as passwords and API tokens in plain text

  • Available

    Vulnerability monitoring

    Proactive monitoring of Common Vulnerabilities and Exposures (CVEs) with proactive resolution

  • Available


    Use SASL_Plain to only accept secure connectors and single sign on with your identity providers

  • Available


    Data can be encrypted at-rest and encrypted in-transit between Kafka and clients

  • Available

    Access Control Lists (ACL)

    Granular control over application access and management of topics and consumer groups
