Can your Kafka broker or provider read your messages?


Meet the most stringent requirements while still using your existing Kafka system... within minutes!

Bank-grade data privacy, security, and compliance for Apache Kafka

Even if you're connecting to your Kafka broker over TLS, message payloads are in plaintext and readable while in the broker. For topics that include PII or sensitive data, or that just connect to core systems, this approach can fall short of the stringent compliance and confidentiality requirements of many financial services companies.

Unique keys per identity

Each consumer and producer generates its own cryptographic keys and is issued its own unique credentials. They then use these to establish a mutually trusted secure channel with each other. By removing the dependency on a third-party service to store or distribute keys, you're able to reduce your vulnerability surface area and eliminate single points of failure.

Tamper-proof data transfer

By pushing control of keys to the edges of the system, where authenticated encryption and decryption occur, no other parties in the supply chain are able to modify the data in transit. You can be assured that the data you receive at the consumer is exactly what was sent by your producers. You can also be assured that only authorised producers can write to a topic, ensuring that the data in your topic is highly trustworthy.

Reduced exposure window

Ockam secure channels regularly rotate authentication keys and session secrets. This approach means that if one of those session secrets is exposed, your total data exposure window is limited to the small duration that secret was in use. Rotating authentication keys means that even when the identity keys of a producer are compromised, no historical data is compromised. You can selectively remove the compromised producer and its data. With centralised shared key distribution approaches, there is the risk that all current and historical data can’t be trusted after a breach because it may have been tampered with or stolen. Ockam's approach eliminates the risk of compromised historical data and minimises the risk to future data using automatically rotating keys.


© 2023 Ockam.io All Rights Reserved