Keeping the network secure
Networks are the most popular places for hackers to perform targeted attacks. With today's infrastructure comprising on-premises, private cloud, public cloud, and multi-cloud environments, there are ample opportunities for hackers to get into insecure networks. First, we should ensure that all communication going in and out of the CockroachDB cluster is completely secured and encrypted. It's always a good idea to turn on TLS for inter-node and client-node communication. Once the data becomes larger, we will end up having a dedicated Site Reliability Engineering (SRE) organization that ensures CockroachDB is up and running at all times. We should ensure that the right set of folks has the right access to the data. DDL statements such as DROP and ALTER should be much more restricted in production. Also, at any given time, only the folks on the production on-call rotation should have access to bastion hosts.
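A check for the client-node half of the TLS advice, as an added example that is not from the original text: it audits PostgreSQL-style connection URLs, the format CockroachDB clients use, and flags any `sslmode` weaker than `verify-full`. The host names, user names, certificate paths and function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# sslmode values that leave the client-node link unencrypted or the
# server unauthenticated; only verify-full checks both CA and hostname.
WEAK_MODES = {
    "disable": "no TLS at all",
    "allow": "can fall back to plaintext",
    "prefer": "can fall back to plaintext",
    "require": "encrypts but does not validate the server certificate",
    "verify-ca": "validates the CA but not the hostname",
}

def audit_url(url):
    """Return a list of TLS findings for one connection URL (empty = clean)."""
    parts = urlsplit(url)
    # If a parameter is repeated, keep the last occurrence.
    params = {k: v[-1] for k, v in parse_qs(parts.query).items()}
    mode = params.get("sslmode")
    findings = []
    if mode is None:
        findings.append("sslmode not set: behaviour depends on the driver default")
    elif mode in WEAK_MODES:
        findings.append(f"sslmode={mode}: {WEAK_MODES[mode]}")
    elif mode != "verify-full":
        findings.append(f"sslmode={mode}: unrecognised value")
    if mode in ("verify-ca", "verify-full") and "sslrootcert" not in params:
        findings.append("sslrootcert not set: CA file is left to the driver default")
    if parts.password:
        findings.append("password embedded in URL")
    return findings

# Constructed sample inputs, e.g. collected from application config files.
SAMPLE_URLS = [
    "postgresql://app@crdb.internal.example:26257/bank"
    "?sslmode=verify-full&sslrootcert=certs/ca.crt"
    "&sslcert=certs/client.app.crt&sslkey=certs/client.app.key",
    "postgresql://app:s3cret@crdb.internal.example:26257/bank?sslmode=require",
    "postgresql://root@localhost:26257/defaultdb?sslmode=disable",
]

def audit_all(urls):
    """Map each URL that has at least one finding to its findings."""
    return {u: f for u in urls if (f := audit_url(u))}

if __name__ == "__main__":
    for url, findings in audit_all(SAMPLE_URLS).items():
        print(url)
        for finding in findings:
            print("  -", finding)
```
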
Wherever we have deployed the CockroachDB...