Compromised external cloud assets more common than on-premises assets¹

¹ Verizon DBIR 2021 - https://www.verizon.com/dbir
@hpgrahsl | #Current22 - Austin, Texas | Oct 4-5, 2022
Let's not forget about the price tag of data breaches.
$4.24M average cost of data breach²

² IBM Cost of Data Breach Report - https://www.ibm.com/security/data-breach
$180 per record cost of customer PII²
It's me ... Hans-Peter
• Developer Advocate @ Red Hat
• Open-Source Enthusiast
• Confluent Community Catalyst since 2019
• MongoDB Champion since 2020
• based in Graz, Austria
Behind the Scenes?
Cryptography
• Tink by Google
• AEAD based on AES GCM
• DAEAD based on AES SIV
• key rotation support
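
The three properties listed on this slide, shown with Tink's Java API as an added example (not code from the talk or from the project it describes). The sample value, the field names and the choice to bind the field name as associated data are assumptions made for illustration, and the keysets are generated in memory only for the demo.

```java
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.DeterministicAead;
import com.google.crypto.tink.KeyTemplates;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetManager;
import com.google.crypto.tink.aead.AeadConfig;
import com.google.crypto.tink.daead.DeterministicAeadConfig;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;

public class FieldCryptoDemo {
    public static void main(String[] args) throws Exception {
        AeadConfig.register();
        DeterministicAeadConfig.register();
        // Demo keysets generated in memory; real keysets come from a file or a KMS.
        KeysetHandle gcmKeys = KeysetHandle.generateNew(KeyTemplates.get("AES256_GCM"));
        KeysetHandle sivKeys = KeysetHandle.generateNew(KeyTemplates.get("AES256_SIV"));
        Aead aead = gcmKeys.getPrimitive(Aead.class);
        DeterministicAead daead = sivKeys.getPrimitive(DeterministicAead.class);

        byte[] value = "jane.doe@example.com".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] ad = "customer.email".getBytes(StandardCharsets.UTF_8); // assumed field binding

        // AES-GCM AEAD: a fresh random nonce per call, so equal plaintexts yield different ciphertexts.
        boolean aeadEqual = Arrays.equals(aead.encrypt(value, ad), aead.encrypt(value, ad));
        // AES-SIV DAEAD: same key, plaintext and associated data yield the same ciphertext,
        // which keeps the field usable for lookups and joins but reveals equality of values.
        byte[] c1 = daead.encryptDeterministically(value, ad);
        boolean daeadEqual = Arrays.equals(c1, daead.encryptDeterministically(value, ad));
        System.out.println("AEAD equal: " + aeadEqual + ", DAEAD equal: " + daeadEqual);

        // A ciphertext presented under a different field name fails authentication.
        try {
            daead.decryptDeterministically(c1, "customer.phone".getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            System.out.println("wrong associated data rejected");
        }

        // Key rotation: add a new key, make it primary, keep the old key for decryption.
        KeysetManager mgr = KeysetManager.withKeysetHandle(sivKeys).add(KeyTemplates.get("AES256_SIV"));
        int newKeyId = mgr.getKeysetHandle().getKeysetInfo().getKeyInfo(1).getKeyId();
        DeterministicAead rotated = mgr.setPrimary(newKeyId).getKeysetHandle()
            .getPrimitive(DeterministicAead.class);
        System.out.println("old ciphertext still decrypts: "
            + Arrays.equals(value, rotated.decryptDeterministically(c1, ad)));
        System.out.println("ciphertext changes after rotation: "
            + !Arrays.equals(c1, rotated.encryptDeterministically(value, ad)));
    }
}
```

Because a deterministic ciphertext changes when the primary key changes, values encrypted before and after a rotation no longer compare equal even though both still decrypt.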
Keyset Management
• within SMT config (not recommended)
• externalized to separate file (okayish)
• remote / cloud KMS (recommended)
• preliminary Azure Key Vault support
Little Ideas
• wildcard / regex matching for field names
• dynamic keyset selection based on payload
• additional KMS providers (GCP, AWS, ...)
Bigger Ideas
• add cryptography options (e.g. FPE)
• extend scope beyond Kafka Connect and ksqlDB
• make CSFLC language / runtime agnostic
Let's stay in touch on Twitter: @hpgrahsl