It is more important than ever for organizations to secure their infrastructure to prevent unauthorized access and to ensure compliance to regulatory standards such as PCI-DSS and HIPAA. Couchbase Server offers security mechanisms that help protect against threats and breaches.
Couchbase verifies the identity of administrators and applications using both SASL and non-SASL authentication methods, including challenge-response authentication mechanism (CRAM) based on the HMAC-MD5 algorithm. Couchbase Server also supports LDAP authentication for administrators connecting to Couchbase through the administrative web console. Applications are authorized for buckets that they have access to; administrators can either have full authorization or they can be limited to read-only access.
Data in motion: Couchbase Server supports end-to-end SSL traffic both from applications to clusters and between clusters (XDCR). This encryption covers both data packets and administration traffic.
Data at rest: Couchbase works with LUKS-based disk encryption on Linux, Bitlocker Drive Encryption on Windows Server 2008 and 2012, and with Vormetric Data Security platform, which does disk, file-level, and application-level encryption.
Auditing empowers authorized users to monitor the actions carried out by administrators in the Couchbase Server cluster. This capability is essential for achieving regulatory compliance and is often critical for adhering to internal security policies.
For more information about security mechanisms in Couchbase Server, see Security in Couchbase.