Hyper-Converged Database (HCD) security checklists

Hyper-Converged Database (HCD) Security is a comprehensive feature suite that fortifies HCD databases against potential harm due to deliberate attack or user error. It includes advanced mechanisms for authentication and authorization, encryption of data in flight and at rest, and data auditing. In addition, HCD is compatible with various partner security solutions to meet industry-specific and other advanced requirements.

HCD Security leverages enterprise standards to integrate cohesively with existing technology such as Active Directory (AD), Lightweight Directory Access Protocol (LDAP), OpenID Connect (OIDC), Public Key Infrastructure (PKI), and Key Management Interoperability Protocol (KMIP).

HCD includes advanced data protection for enterprise-grade databases:

Feature                                  Database
Authentication (Internal, LDAP, OIDC)    Yes
Authorization (RBAC)                     Yes
Client-to-node encryption                Yes
Node-to-node encryption                  Yes
Transparent data encryption              Yes
Data auditing                            Yes

HCD Security features are designed to work together to provide comprehensive protection. Implementing multiple security layers provides defense in depth.

Security implementation guide

This section provides a detailed guide to implementing HCD security features.

Authentication and authorization

  • Enable authentication: Configure HCD to require user authentication.

  • Choose authentication scheme: Select from internal, LDAP, or OIDC.

  • Set up role-based access control: Define roles and assign appropriate permissions.

  • Configure audit logging: Monitor database activities for security compliance.

Encryption

  • Client-to-node encryption: Secure connections between clients and database nodes.

  • Node-to-node encryption: Secure internode communication.

  • Transparent data encryption: Encrypt data at rest on disk.

  • Key management: Use KMIP or local key management for encryption keys.

Network security

  • Firewall configuration: Restrict access to database ports.

  • Network segmentation: Isolate database nodes in secure network segments.

  • SSL/TLS certificates: Use valid certificates for encrypted connections.

  • Port security: Only open necessary ports for database operations.

Monitoring and compliance

  • Audit logging: Track all database activities.

  • Security monitoring: Monitor for suspicious activities.

  • Compliance reporting: Generate reports for regulatory requirements.

  • Incident response: Have procedures for security incidents.

Database security checklist

Secure transactional nodes using HCD security features.

© 2025 DataStax