ArangoDB Enterprise: Security
Enhanced Encryption Control
ArangoDB Community Edition supports the use of SSL/TLS to encrypt communications with the database and between database instances in a cluster.
Enterprise Edition users have the option of taking this a step further with Enhanced Encryption. This allows you to configure ArangoDB to only use TLS 1.2, ensuring that your databases always use the highest-level of security standards in your production environments.
Encryption at Rest
When you store sensitive data in your ArangoDB database, you want to protect that data under all circumstances. At runtime, you will protect it with SSL transport encryption and strong authentication, but when the data is already on disk, you also need protection. That is where the Encryption feature comes in.
The Encryption feature of ArangoDB will encrypt all data that ArangoDB is storing in your database before it is written to disk.
The data is encrypted with AES-256-CTR, which is a strong encryption algorithm, that is very suitable for multi-processor environments. This means that your data is safe, but your database is still fast, even under load.
Most modern CPU’s have built-in support for hardware AES encryption, which makes it even faster. Read more here.
Note: The Encryption feature requires the RocksDB storage engine.
With this feature, ArangoDB takes another big step towards HIPPA compliance.
Enhanced Authentication with LDAP
Normally, users are defined and managed in ArangoDB itself. Starting with the Enterprise Edition 3.2, you can use an external server to manage your users with LDAP. We have implemented a common schema which can be extended.
In terms of both compliance and forensic analysis of data breaches, auditing is an important tool. ArangoDB audit logs provide an irrefutable record of actions taken, whether they are generated by a database, directory, or operating system.
The ArangoDB audit log records the following actions:
- Database creation and deletion
- Collection creation and deletion
- Index creation and deletion
- Read access to documents
- Query alterations
Want to know more? Let us show you the power of ArangoDB Enterprise Edition and how we can contribute to your project with our 20+ years of database experience. Request a demo or an introduction call wit us.