Building GDPR Compliant Applications with ArangoDB
As of 25 May, 2018 General Data Protection Regulation (GDPR) data privacy regulations were set into effect. Any organization inside or outside the EU must be GDPR compliant if they store, use, secure, or transmit EU resident personal data. GDPR compliance should be a top priority for many applications today.
Therefore, it is critical that your database has the features to help you reach full GDPR compliance.
We can put your mind at ease by providing the security and privacy necessary for GDPR compliance for any applications built with ArangoDB.
|Identify Personal Data||Access Control||Audit
|Personal Data Retention||Encryption 360°|
|Backup and Disaster Recovery|
ArangoDB Community & Enterprise Edition For GDPR Compliance
ArangoDB has you covered ensuring your applications built with ArangoDB maintains GDPR compliance by meeting these three key privacy and security requirements:
There are two versions of ArangoDB available: ArangoDB Community Edition and a commercial ArangoDB Enterprise Edition. ArangoDB Community Edition is a free native multi-model database available under open-source license, while ArangoDB Enterprise is a paid subscription that includes SmartGraphs, SatelliteCollections and many enterprise-level security features.
While the community edition provides some basics for compliance, the Enterprise Edition provides everything out-of-the-box. These additional security capabilities are what will ensure your database is GDPR compliant.
Identify Personal Data - ArangoDB Web UI
All personal data that is part of your application must be identified within your database. Rather than performing manual queries, ArangoDB Web UI is a visualization tool that allows you to observe, manipulate, and explore your data. By using the graph database capabilities of ArangoDB you can also easily build solutions to track the path of your user’s data throughout your organization and beyond. Ensuring the users right to be forgotten is met with ease.
Personal Data Retention - TTL Indexes
Available in version 3.5 and above, ArangoDB includes Time To Live (TTL) Indexes. The right to be forgotten is a key element of GDPR and with TTL it’s pretty easy to implement. With this feature owners can automate the expiration of personal data.
Encryption 360° - Data Encrypted at all Times
Encryption is a critical safeguard that ensures the security of the data and protects outside users from accessing data by monitoring traffic or intercepting data in transit. ArangoDB has you covered keeping your data encrypted at all times using three different methods to: Encryption at Rest, Encryption in Transit, and Encrypted Backups.
Encryption at Rest: To protect against direct reading of files that are already on a disk ArangoDB offers Encryption at Rest. The Encryption feature of ArangoDB will encrypt all data that ArangoDB is storing in your database before it is written to disk.
The data is encrypted with AES-256-CTR, which is a strong encryption algorithm, that is very suitable for multi-processor environments. This means that your data is safe, but your database is still fast, even under load. Furthermore, most modern CPU’s have built-in support for hardware AES encryption, which makes it even faster.
Encryption in Transit: SSL Certification Encryption is used to protect data in transit from the database to the application. The ArangoDB server provides a variety of SSL options including: SSL Endpoints, Keyfile, CA File, SSL protocol, SSL Cipher, and SSL peer certificate (only available in Enterprise Edition).
Encrypted Backups: With the ArangoDB Enterprise Edition, AES 256 encryption of data dumps is supported. The dump is encrypted using an encryption keyfile, which must contain exactly 32 bytes of data (required by the AES block cipher).
The keyfile can be created by either an external program, or, on Linux. Encrypted backups are supported with the default storage engine RocksDB.
Access Control - Authentication
Authentication establishes the identity of all users accessing the database. Each user attempting to enter the system must be appropriately identified to determine their role and ability to access the database. The ArangoDB LDAP Server feature available in ArangoDB Enterprise is the solution to this problem.
The basic idea is that one can keep the user authentication setup for an ArangoDB instance (single or cluster) outside of ArangoDB in an LDAP server. A crucial feature of this is that one can add and withdraw users and permissions by only changing the LDAP server and in particular without touching the ArangoDB instance. Changes will be effective in ArangoDB within a few minutes.
Authorization - Monitoring Access and Permissions
After the user’s identity has been established, it must be determined if they have permission to access the data they are querying. Authorization also determines what actions a user is permitted to make once entering the system such as read/write privileges. An ArangoDB server with LDAP certification has the access to revoke any permission database.
Once the user is authenticated in the LDAP server, there are two methods for authorization: (a) “roles attribute” and (b) “roles search”.
In method (a) ArangoDB acquires a list of roles the authenticated LDAP user has from the LDAP server. The actual access rights to databases and collections for these roles are configured in ArangoDB itself. The user effectively has the union of all access rights of all roles he has. This method combines the advantages of managing users and roles outside of ArangoDB in the LDAP server with the fine-grained access control within ArangoDB for the individual roles.
An alternative method (b) for authorization is to conduct a search in the LDAP server for LDAP objects representing roles a user has. If the configuration option is given, then the user string in the search expression is replaced with the distinguished name of the authenticated LDAP user and the resulting search expression is used to match distinguished names of LDAP objects representing roles of that user.
Backup and Disaster Recovery - ArangoDB Hot Backups
In version 3.5 and above ArangoDB offers incremental backups, also known as “Hot Backups”. You are protected against unforeseen events as the database will continuously backup your data.
Auditing - ArangoDB Audit Log
The previously mentioned measures all provide you security in the present, but what happens when personnel, access privileges, and roles change within your company? A process must be set in place to ensure ongoing compliance despite any organizational changes. The ArangoDB auditing process allows you to monitor access history to the database in detail. An audit log is required to provide a history of all access and security settings allowing you to validate any changes to users and roles to remain regulatory compliant.
In general, audit logs are of the form of timestamp, username, database, client-ip, and authentication.
- The time-stamp is in GMT. This allows to easily match log entries from servers in different time zones.
- The name of the server. You can specify a custom name on startup. Otherwise the default hostname is used.
- The username is the (authenticated or unauthenticated) name supplied by the client. A dash – is printed if no name was given by the client.
- The database describes the database that was accessed. Please note that there are no database crossing queries. Each access is restricted to one database.
- The client-ip describes the source of the request.
- The authentication details the methods used to authenticate the user.
- These fields provide the details necessary to ensure your application is GDPR compliant.
If you are considering using ArangoDB as your native multi-model solution to store your EU personal data, rest assured that you will be GDPR compliant. The ArangoDB Enterprise Edition has the necessary measures set in place including Authentication, Authorization, Encryption, and Auditing to ensure your organization is in full GDPR and HIPAA Compliance.