Hadoop Security for the Enterprise
Organizations use Hadoop big data systems to store and process an ever-growing volume of enterprise data. The growth of big data has created a pressing need to secure data in order to avoid data breaches and to comply with regulations such as the Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley, HIPAA, HITECH and many state and federal data privacy laws.
When developing a big data strategy, organizations need to consider a comprehensive solution for data security and data governance for their enterprise Hadoop implementation. Data security and data governance can be achieved by an optimum combination of appropriate security tools with customized configuration, clear policy definition and adherence to best practices.
The MetaScale Big Data Security Solution
MetaScale leverages our experience of implementing big data solutions within highly regulated industries such as retail, healthcare and finance to provide a holistic approach to Hadoop Security. Our approach to creating an ideal data security platform enables enterprise customers to secure their data and comply with regulatory requirements by encrypting data that is stored and processed by Hadoop systems, centralizing key management, enforcing access control policies and gathering security intelligence on data access.
MetaScale offers Big Data Security Assessment and Customized Hadoop Security Solutions to help customers apply the right combination of security measures to achieve an ideal data security platform for their specific requirements.
To achieve an ideal data security platform for your big data implementation, MetaScale analyzes all security stages for gaps and develops solutions to augment the standard configurations of your Hadoop distribution with customized plugins and domain-specific best practices.
Why Security Solutions for Hadoop Are Required
With the emergence of Hadoop as a business-critical data platform, more stringent requirements for data security are placed on the enterprise. Hadoop already meets many of these security requirements, but there are numerous gaps that need to be addressed:
- How nodes and client applications are vetted before joining the cluster
- How data at rest is protected from unwanted inspection and how the privacy of network communications is maintained
- How nodes are managed and how security will meet compliance requirements
Gaps in Hadoop Security
- Insufficient authentication – Hadoop does not strongly authenticate the client; it simply asks the underlying Unix system by executing the ‘whoami’ command
- No privacy, no integrity
- Arbitrary code execution
- Oozie is a super user capable of performing any operation as any user
- A name node or data node can give access to all of the data stored in HDFS to anyone who obtains the shared secret key
- Data may be transmitted over insecure transport including HSFTP, FTP and HTTP
- Stealing the IP address of an HDFS proxy could allow one to extract large amounts of data quickly
- Unauthorized clients can impersonate authorized users and access the cluster
- One can get the blocks directly from the data nodes by bypassing the name node
- Eavesdropping / sniffing of data packets being sent by data nodes to client
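Several of the gaps listed above correspond to standard Hadoop configuration properties whose default values leave the gap open. The following is an added example, not part of the original page and not MetaScale's tooling: it merges site files the way Hadoop does (honouring `<final>`) and reports properties left at a weak value. The mapping of each property to a gap and the sample XML are assumptions constructed for illustration.

```python
# Added example: audit Hadoop *-site.xml properties against the gaps listed above.
import xml.etree.ElementTree as ET

# property -> (required value, gap it addresses, Hadoop default when unset).
# Values are compared case-insensitively; the gap labels are this example's mapping.
CHECKS = {
    "hadoop.security.authentication": ("kerberos", "insufficient authentication", "simple"),
    "hadoop.security.authorization": ("true", "unauthorized clients", "false"),
    "hadoop.rpc.protection": ("privacy", "no privacy, no integrity", "authentication"),
    "dfs.block.access.token.enable": ("true", "blocks read directly from data nodes", "false"),
    "dfs.encrypt.data.transfer": ("true", "eavesdropping on data node traffic", "false"),
    "dfs.http.policy": ("https_only", "insecure HTTP transport", "HTTP_ONLY"),
}

def load_properties(*xml_docs):
    """Merge <property> entries from several site files; later files win,
    except where an earlier file marked the property <final>true</final>."""
    props, final = {}, set()
    for doc in xml_docs:
        for p in ET.fromstring(doc).iter("property"):
            name = (p.findtext("name") or "").strip()
            if not name or name in final:
                continue
            props[name] = (p.findtext("value") or "").strip()
            if (p.findtext("final") or "").strip().lower() == "true":
                final.add(name)
    return props

def audit(props):
    """Return sorted (property, effective value, gap) for each failing check."""
    findings = []
    for name, (required, gap, default) in CHECKS.items():
        value = props.get(name, default)
        if value.lower() != required:
            findings.append((name, value, gap))
    return sorted(findings)

# Constructed sample files, not taken from any real cluster.
CORE_SITE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value><final>true</final></property>
  <property><name>hadoop.rpc.protection</name><value>integrity</value></property>
</configuration>"""
HDFS_SITE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>simple</value></property>
  <property><name>dfs.block.access.token.enable</name><value>true</value></property>
  <property><name>dfs.encrypt.data.transfer</name><value>true</value></property>
</configuration>"""

if __name__ == "__main__":
    for name, value, gap in audit(load_properties(CORE_SITE, HDFS_SITE)):
        print(f"FAIL {name}={value!r} ({gap})")
```

On the sample input the audit flags the unset authorization and HTTP policy settings and the `integrity`-only RPC protection, while the later `simple` override is ignored because the earlier entry is marked final.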
Hadoop Security Elements
- Administration: centralized security management
- Authentication: verify identity of users and systems
- Authorization: define access control policies
- Audit: maintain a record of data access
- Data Protection: protect data in motion and at rest
Accelerate your big data projects – leverage our proven track record for meeting business objectives with on-time and on-budget success.
Contact MetaScale to discuss your big data security requirements.