Data Security and Storage Hardening in Rook and Ceph

Explore data security and storage hardening techniques in Rook and Ceph in this conference talk from All Things Open 2022. Delve into the security model of Rook with Ceph, examining various hardening options suitable for different threat profiles. Learn about defining threat models, implementing separate security zones to limit attack blast radius, utilizing encryption at rest and in-flight with FIPS 140-2 validated ciphers, and applying hardened builds and default configurations. Discover the benefits of containerization for security, and how Rook simplifies the process of applying hardening options through simple .yaml file modifications. Cover topics such as user access controls, key management, data retention, secure deletion, and the advantages of container-based storage systems. Gain insights into network security zones, product security incident response, encryption and key management, control plane security, identity and access management, auditing, and infrastructure hardening for robust data protection in Rook and Ceph environments.