Distributed caches are often deployed in massive data centers, where every user has direct access to the data stored in the cache or traveling over the network. This simple functionality is problematic when your application has to cache sensitive data and cannot afford to allow cache access to every other user. Let’s say that your application processes the airline data. With all its massive data records, would you want anybody to meddle with its precision? What you need here is to encrypt your data and secure its access. For this purpose, NCache provides solid encryption mechanisms, LDAP-supported directory services, and more. This blog elaborates on all the security measures NCache employs for your application data.
Data Encryption by Cache Client
You can protect your sensitive data by encrypting it before storing it in your distributed cache. Otherwise, this cache data in its serialized form is easily accessible to anyone intercepting your connection. Encrypting the data converts it into ciphertext, ensuring that only those with the correct decryption key can access the original information. To avoid unauthorized access, NCache supports the following encrypting algorithms for your data:
- 3DES-128
- 3DES-192
- AES-128
- AES-192
- AES-256
- AES-FIPS 128
- AES-FIPS 192
- AES-FIPS 256
Enabling encryption is effortless through the user-friendly environment of the NCache Management Center. Additionally, you can learn more about encryption from our blog on Diving Deeper into Encryption in NCache.
Secure Connections Using Transport Layer Security
NCache provides your application with TLS 1.2 encryption. This protocol, when enabled, encrypts your application data (flight information if we continue with our previous example) when it is sharing data over the network, i.e., between servers and clients, different servers, caches, and bridges. Typically, people only encrypt traffic over public networks, such as bridge communication and wide-area networks (WAN). However, you should encrypt all network traffic for sensitive applications.
TLS ensures this by sharing a certificate between the communicating parties that contains a key acting as a trustee for secure connections. Moreover, it does this while remaining less resource-intensive than Data Encryption. You can enable secure connections using NCache TLS encryption by following the steps provided in Configure TLS Encryption in NCache.
NCache Security Authentication & Authorization
Authentication ensures that only the registered users can perform cache/node operations. There are two access levels for authentication, i.e., the Node Administrators (Users/Groups) and Cache Users (Users/Groups). One is related to management operations along with other cache operations. While the other is limited to cache API access.
For authentication, if you enable NCache security for any cache or node, all clients accessing the cache must first be validated against the LDAP directory or Active Directory on the server-side. As such, you can configure security for cache clusters/nodes using credentials in the NCache Management Center and PowerShell tools.
Figure: Security and Encryption Architecture in NCache
Conclusion
Security is paramount wherever sensitive data is processed. NCache understands this and along with being a fast, in-memory, distributed solution, also provides numerous security and encryption options, as discussed in this blog. These options ensure mission-critical applications don’t have to comprise security for performance. So, what are you waiting for? Download NCache today, sit back, relax, and let NCache handle your application security needs.
