Overview
Explore the security model of Rook with Ceph, the leading open-source software-defined storage platform, in this 35-minute conference talk from DevConf.US 2024. Delve into various hardening options for Ceph storage suitable for different threat profiles. Learn about defining threat models, limiting attack blast radius through separate security zones, implementing encryption at rest and in-flight, utilizing FIPS 140-2 validated ciphers, and applying hardened builds with default configurations. Discover user access controls, key management techniques, and approaches to data retention and secure deletion. Understand how containerization provides additional security benefits through lightweight domain separation. See how Rook simplifies the process of applying hardening options by modifying a .yaml file with the appropriate security context upon creation, making it easy to implement standard Ceph hardening options in container-based storage systems.
Syllabus
Data Security and Storage Hardening in Rook and Ceph - DevConf.US 2024
Taught by
DevConf