Zettaset Blog

Using Zettaset to Protect Redis Data Stores While Maintaining Fast Performance

New open source software applications have revolutionized technology stacks around the world. From Linux to Mozilla, the developer community has given birth to many innovative concepts. A great example is Redis, an open source NoSQL database that is used by the likes of Lyft, Netflix, Twitter, and thousands of other tech giants.

Redis is an in-memory database platform powering real-time applications with the highest throughput, lowest latencies, and the least resources. In addition to being fully in-memory, Redis enables data persistence and high availability through replication and backups. Open-source Redis has gained popularity amongst users for its incomparable high performance and ease of use. It was, and still remains, the most powerful and unique database on the market. Today, hundreds of thousands of users are building and deploying complex big data applications on top of Redis. A major advantage of Redis is that the in-memory representation of complex data structures is much simpler to manipulate, meaning that users can build complex, real-time applications with dramatically less internal complexity.

Redis Enterprise (Redise) enhances open-source deployments with a technology layer that makes scaling effortless and transparent to the user. Redise also adds unmatched resilience, with high availability that protects against every failure scenario and is benchmarked to recover within seconds without losing data. Performance optimizations within Redise ensure that applications that use it achieve flawless high performance under any load. Today Redis Labs supports over 60,000 customers globally, and is the first choice for enterprise Redis deployments both on-premises and in the cloud.

Redis is optimized for maximum performance and simplicity, but relies on users to maximize its security.

Redis was designed to be accessed by trusted clients inside trusted environments. Exposing the Redis instance directly to the internet or to an environment where untrusted clients can directly access the Redis TCP port or UNIX socket carries a high risk. SSL using Stipes provides some basic security between the client and the data store, but Redis lacks built-in data-at-rest encryption to protect the data store.

Zettaset has paired up with Redis Labs, home of open source Redis and commercial provider of Redis Enterprise, to provide maximum security for users running Redis Enterprise in production at scale. As Redis Enterprise usage continues to grow exponentially, major enterprises now utilize Redis Labs to power mission critical, business critical applications. Virtually every vertical of every industry utilizes Redis to a certain extend to power their big data initiatives.

In this age of unabated data breaches, we know that a determined cybercriminal can break through the periphery of almost any database environment. And the risk of insider threats through misconfigurations or deliberate actions continues to increase. Best security practices dictate that any access to your Redis Labs deployment, trusted or untrusted, must be mediated with ACLs and the data store itself must be encrypted.

How can we protect Redise without compromising the high performance that defines the Redis user experience?

Zettaset BDEncrypt (Big Data Encryption) is a high-performance, partition-level encryption solution which, because of its speed, is ideal for encryption and decryption of in-memory stored data. Even if the periphery of the Redis Labs environment is breached, the data store itself remains securely protected.

BDEncrypt can be applied to both data-at-rest, and data-in-motion, which also simplifies protection of a Redis Enterprise. Unlike legacy encryption technologies, BDEncrypt is has been designed from the ground up for optimal performance and scalability in big data stores and distributed architectures, and can be transparently applied in NoSQL environments similar to Redise, as well as in Relational/SQL, Object, and Hadoop data stores.

High-Performance Data Encryption for High Performance Data Stores

The industry-leading performance of BDEncrypt makes it the ideal match for Redis Labs, especially when snap-shotting, dumping data to disk, or holding your Redis data in Flash memory. BDEncrypt is optimized for superior performance in in-memory and scale-out distributed computing environments, with negligible impact on application performance: approximately 3% * for data-at-rest encryption and 7%* for data-in-motion encryption. (*Measured using TeraSort MapReduce Benchmark).

Zettaset BDEncrypt includes a policy engine for highly granular management of ACLs. BDEncrypt can be configured to align with the frequency of the Redis snap-shotting process and to encrypt the snapshots as they are saved to disk. Because BDEncrypt works transparently across data environments, you can choose to store the snapshots in Relational, NoSQL, or Object data stores. In any case, BDEncrypt provides encryption that does not inhibit Redis Labs performance.

Complete Encryption Solution for Sensitive, High-Risk Data Environments

The BDEncrypt solution delivers a complete encryption package that includes a software-based virtual enterprise key manager (V-EKM) and virtual hardware security module (V-HSM).

Zettaset BDEncrypt provides proven defense in regulated industries such as healthcare, financial services, and retail from the accelerating frequency and scope of data breaches. When integrated into a strategic IT security initiative, BDEncrypt can help bring Redis Labs data stores into compliance with corporate and regulatory data protection initiatives including HIPAA, HITECH, and PCI.

Zettaset BDEncrypt adheres to OASIS encryption open standards, and is compatible with any KMIP-compliant key management system and PKCS#11-compliant hardware security module (HSM). This makes Zettaset BDEncrypt an easy fit in existing enterprise data security frameworks, and will make your CISO happy!

Redis and Zettaset are working together to provide joint customers with the best of both worlds: An industry leading database that is optimized for maximum performance and maximum security.

Our Resources
Solution Briefs
White Papers