Manage Security on Confluent Cloud

Confluent Cloud provides comprehensive security features to protect your data and resources. This section covers the key areas of managing security on Confluent Cloud, including authentication, access control, data encryption, and activity monitoring.

Manage authentication

Authentication ensures that only authorized users and applications can access your Confluent Cloud resources. This includes managing user accounts, service accounts, API keys, and integrating with identity providers for Single Sign-On (SSO), OAuth/OIDC, and mTLS.

See Manage Authentication on Confluent Cloud.

Control access to Confluent Cloud resources

Use authorization mechanisms, such as Role-Based Access Control (RBAC) and Access Control Lists (ACLs), to control access to Confluent Cloud resources. This ensures only authorized entities can access specific resources and perform certain actions.

See Control Access to Confluent Cloud Resources.

Encrypt and protect data

Data encryption protects your data at rest and data in motion (or data in transit), to help ensure that your data is protected. Confluent Cloud supports various encryption methods, including self-managed encryption keys (BYOK) for your Dedicated Kafka clusters and client-side field-level encryption (CSFLE) to protect your most sensitive data.

See Encrypt and Protect Data on Confluent Cloud.

Monitor activity

Monitoring activity involves tracking and auditing access and actions performed on your Confluent Cloud resources. This helps you detect and respond to potential security incidents and ensure compliance with security policies.

See Audit Log Concepts on Confluent Cloud.

Related content

• Confluent Cloud Security Controls (whitepaper)
• Confluent Cloud Security (Confluent Developer course)