Post on 15-May-2015
description
© 2012 Datameer, Inc. All rights reserved.© 2012 Datameer, Inc. All rights reserved.
Building Secure Hadoop Environments
© 2012 Datameer, Inc. All rights reserved.
View the full recording
You can view the full recording of this on-demand webinar with slides at:
http://info.datameer.com/Slideshare-Building-Secure-Hadoop-Environments.html
© 2012 Datameer, Inc. All rights reserved.
About our Speaker
Karen HsuWith over 15 years of experience in enterprise software, Karen Hsu has co-authored 4 patents and worked in a variety of engineering, marketing and sales roles.
Most recently she came from Informatica where she worked with the start-ups Informatica purchased to bring data quality, master data management, B2B and data security solutions to market.
Karen has a Bachelors of Science degree in Management Science and Engineering from Stanford University.
© 2012 Datameer, Inc. All rights reserved.
About our Speaker
Filip SluneckoFilip is part of the Customer support team at Datameer.
He is a Linux professional and Python enthusiast. Before joining Datameer, he was on the Hadoop team at AVG, an antivirus/security company.
Filip now uses his 8 years experience with Linux servers and Hadoop security to help Datameer customers.
© 2012 Datameer, Inc. All rights reserved.© 2012 Datameer, Inc. All rights reserved.
Building Secure Hadoop Environments
© 2012 Datameer, Inc. All rights reserved.
Agenda
Challenges and use cases
Hadoop security landscape
Components for building successful Hadoop environments
Call to Action
© 2012 Datameer, Inc. All rights reserved.
Hadoop Data Security Challenges
Architectural issues
Hadoop security is developing
Vendors offer bolt-on solutions
Securosis, Oct 12, 2012
To add security capabilities into a big data environment, the capabilities need to scale with the data… Most security tools fail
to scale and perform with big data environments.- Adrian Lane, Securosis
© 2012 Datameer, Inc. All rights reserved.
Hadoop Security Use Cases
Use Case Requirement Example Description
Role based access
Data access is restricted through the abstraction layer
Users have a view of data in Hadoop they can manipulate
Transformation of sensitive values during load
Data is transformed, masked, or encrypted.
Cluster is copied and then masked/transformed so that analysts work on anonymized data
© 2012 Datameer, Inc. All rights reserved.
Role Based Access
Data Access
HDFSRestrict View
Map-Reduce
Pig / Hive
© 2012 Datameer, Inc. All rights reserved.
Transformation of Sensitive Values
Data Access
HDFS
Map-Reduce
Transform Data
Load
© 2012 Datameer, Inc. All rights reserved.
Load
Hybrid of Role Based Access and Transformation of Sensitive Values
Data Access
HDFS
Map-Reduce
Transform Restrict View
© 2012 Datameer, Inc. All rights reserved.
Hadoop Security Offerings
Type Description Example vendorsRole based access control Use LDAP / Active Directory (AD)
authentication to identify and manage users. Leveraging Kerberos to provide mutual authentication
Encryption • File encryption • Disk encryption• Format preserving encryption
Masking Data Masking performed before load
Block level encryption Linux directory level encryption with external key store
© 2012 Datameer, Inc. All rights reserved.
Components for Building Secure Hadoop Environment
Secure access – SSL
Access controls
Secure authentication
Kerberos
Logging – auditing
File Encryption
Disk encryption
© 2012 Datameer, Inc. All rights reserved.
Secure access
© 2012 Datameer, Inc. All rights reserved.
Access ControlsDatameer Example
Impersonation
Kerberos
LDAP
Roles
Object permission
© 2012 Datameer, Inc. All rights reserved.
Object PermissionDatameer Example
Info graphics
Export job
Workbooks
Data links
Import jobs
Object types
© 2012 Datameer, Inc. All rights reserved.
RolesDatameer Example
© 2012 Datameer, Inc. All rights reserved.
Remote AuthenticatorDatameer Example
Integrating into an existing infrastructure
Active directory support
Import groups and users to Datameer
Centralized user management
© 2012 Datameer, Inc. All rights reserved.
Kerberos
© 2012 Datameer, Inc. All rights reserved.
Impersonation
© 2012 Datameer, Inc. All rights reserved.
Demonstration
© 2012 Datameer, Inc. All rights reserved.
Disk Encryption
Why it’s important• 1 year - 2%
• 2 year - 6-8%
Criteria for success• Encryption per process
• Key management
• Safe and in full compliance with HIPAA, PCI-DSS, FERPA
© 2012 Datameer, Inc. All rights reserved.
File EncryptionEmerging Technology
Intel Hadoop
Project Rhino• Encryption and key management.
• A common authorization framework.
• Token based authentication and single sign on.
• Improve audit logging.
© 2012 Datameer, Inc. All rights reserved.
Logging and Auditing
Datameer
UI Access Job execution
Hadoop
File access Job runs
© 2012 Datameer, Inc. All rights reserved.
Logging and Auditing
Centralized logging
Collectors Storage Real Time Search Visualization
Datameer Datameer* Katta Datameer
Splunk Splunk Elasticsearch Splunk
Flume Elasticsearch Solr Greylog
Greylog Solr Graphite
Hive
© 2012 Datameer, Inc. All rights reserved.
Recap
Challenges and use cases
Hadoop security landscape
Components for building successful Hadoop environments• Secure access – SSL
• Access controls
• Secure authentication
• Kerberos
• Logging – auditing
• File Encryption
• Disk encryption
© 2012 Datameer, Inc. All rights reserved.
Call to Action
Contact• Filip Slunecko
fslunecko@datameer.com• Karen Hsu khsu
@datameer.com
Meet us atDiscover Big Data 8 City Workshop near you!http://info.datameer.com/Discover-Big-Data-RoadShow.html
Implementing Hadoop Security Workshop• Contact
marketing@datameer.com for more details
www.datameer.com
© 2012 Datameer, Inc. All rights reserved.
Online Resources
Try Datameer: www.datameer.com Follow us on Twitter @datameer