Database provider DataStax Inc. today introduced new cybersecurity features to help enterprises more effectively protect their business information from hacking attempts. 

Santa Clara, California-based DataStax is backed by more than $227 million in venture funding. Its flagship product is Astra DB, a cloud-based NoSQL database that helps companies store and process their business information. 

Astra DB is based on Apache Cassandra, one of the most popular open-source NoSQL databases. Cassandra is used by major enterprises such as Apple Inc. and Visa Inc. because it has features that make the task of managing a large company’s data easier.

One of those features is scalability: It can hold petabytes of information. Another major selling point is that Cassandra can withstand outages. If some of the servers in a Cassandra deployment experience a malfunction, the remaining machines can continue operating.

DataStax’s Astra DB database combines Cassandra’s core feature set with additional capabilities designed to simplify day-to-day operations for users. Astra DB is provided as a serverless cloud service, which means that customers don’t have to manage the underlying infrastructure. The platform supports multiple public cloud platforms and includes features that simplify the initial deployment of a new database environment.

Astra DB also offers a collection of cybersecurity capabilities not included in the open-source version of Cassandra. It’s this part of the service’s feature set that DataStax is enhancing with the update announced today.

In particular, Astra DB encrypts companies’ data both while it’s in motion, that is while the information is traveling over the network, and at rest, when the information is sitting in storage. Encryption is by default carried out with a cryptographic key managed by DataStax. Following today’s update, enterprises will gain the ability to use their own key instead of the one provided by DataStax to encrypt data at rest.

Managing a database’s at-rest encryption in-house enables organizations to take additional steps to improve cybersecurity. A company can, for example, choose to refresh its keys every few days or weeks. If a company refreshes its keys every two weeks, then a key generated more than two weeks ago can’t pose a cybersecurity risk if it’s stolen by hackers. 

Astra DB provides the option to keep database keys in a third-party key management service, or KMS. A KMS is a system that helps companies manage their encryption keys more easily and provides security features, such as automatic detection of attempts to weaken an application’s encryption. 

As part of today’s update, DataStax is also making it easier for companies to block malicious login attempts targeting their Astra DB deployments. A new integration with Okta Inc.’s identity management platform allows enterprises to implement single sign-on for Astro DB. That enables workers to log into their company’s database and other workloads using a single password instead of separate login credentials for each.

Processing all Astra DB access requests through a single sign-on mechanism allows companies to centralize the database login process. That centralization, in turn, makes it easier to ensure cybersecurity requirements are being met. 

According to DataStax, administrators can now create policies requiring that Astro DB user passwords be refreshed at fixed time intervals. Similarly to how rotating encryption keys reduces the risk of a breach, regularly refreshing passwords reduces the cybersecurity risk posed by stolen employee login credentials. 

Administrators can also configure other cybersecurity policies for Astro DB. An information technology team can, for example, limit the maximum number of unsuccessful database login attempts that may be made in a given time frame. For individual Astra DB user accounts, administrators can configure which parts of the database each employee may access and how.

“As the only open stack for real-time data applications, our message to the market is that open source technologies are built for today’s modern, business-critical applications,” said DataStax Chief Product Officer Ed Anuff. “The new security capabilities in Astra DB give our customers more control over data access and security,” 

The new features represent the second cybersecurity update DataStax has rolled out to Astro DB in recent months. In September the company debuted a capability that helps enterprises secure data while it’s moving between Astro DB and their public cloud workloads. The capability sends data from Astra DB to applications not via the open web but rather through major cloud providers’ networks, which improves cybersecurity. 

Image: DataStax