Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Big Data KAIZEN APPROACH, INC.. Big Data Defined Big data is where the data volume, acquisition velocity, or data representation limits the ability.

Published byRodger Blankenship Modified over 9 years ago

Similar presentations

Presentation on theme: "Securing Big Data KAIZEN APPROACH, INC.. Big Data Defined Big data is where the data volume, acquisition velocity, or data representation limits the ability."— Presentation transcript:

1 Securing Big Data KAIZEN APPROACH, INC.

2 Big Data Defined Big data is where the data volume, acquisition velocity, or data representation limits the ability to perform effective analysis using traditional relational approaches or requires the use of significant horizontal scaling for efficient processing. (NIST 2012)

3 Big Data value In the eye of the beholder Value is defined through hypotheses and data modeling of the data sets Data which had been collected in the normal course of business can now be mined and correlated to find relationships and meaning Data sets vary from medical records, financial transactions, web cam photos, firewall logs, web logs, web url searches, physical security logs…

4

5 Big Data the 5 ‘Vs’ Volume: processing petabytes of data with low overhead and complexity Veracity: using data from a variety of domains Value: using commodity hardware Variety: leveraging flexible schemas to handle structured and unstructured data Velocity: performing real time analytics and ingesting streaming feeds as well batch processing

6 Examples of Big Data users PRIVATE SECTOR Wal-Mart Apple EBay Verizon Bank of America NYSE Amazon Google Yahoo PUBLIC SECTOR DoD CDC DoE GSA IRS NASA NOAA

7 Big Data Security Issues Large aggregated data store is an attractive target for hackers and malicious insiders Big Data stored in a public or hybrid cloud environment has a larger attack surface, virtual environment has its own security issues Sensitive data is being ported from mature and secure relational databases into NoSQL data stores lacking compatible security controls

8 Big Data Security Concerns SOURCE: CLOUD SECURITY ALLIANCE BIG DATA WORKING GROUP

9 NoSQL and Big Data NoSQL databases are ideal for huge quantities of data, especially unstructured or non-relational data. Some NoSQL systems do allow SQL-like query language NoSQL database systems are often highly optimized for retrieval and appending operations and often offer little functionality beyond record storage, offering marked gains in scalability and performance Challenges include support issues, lack of trained personnel, lack of standardization, immaturity, lack of a database management system Examples : HBase (Hadoop), Cassandra, MongoDB, Riak, CouchDB Hadoop is most popular

10 Hadoop is a Suite of Tools Distributed file system (HDFS) Distributed execution framework (MapReduce) Query language (Pig) Distributed, column-oriented data store (HBase) Machine learning (Mahout)

11 Hadoop Pros Process large data very efficiently Distributed storage and computation Very flexible – horizontally scalable HDFS file system is optimized for high throughput Simple API and model Parallel processing Inexpensive NoSQL database model (HBASE)

12 Hadoop Security Cons Security is NOT built into Hadoop (or any NoSQL database) at all: was never built for enterprise security but for publically available data No native encryption services offered Data spread on multiple machines in a cluster, making securing/hardening individual machines challenging and backup / recovery difficult Hadoop tools lack basic security controls Data veracity is a challenge given the possible multitude of data sources

13 Securing Big Data: Products Several types of products available: 1. NoSQL / Hadoop products with enhanced security built on top offering integrated authentication (not just Kerberos!) and encryption options 2. API gateways/proxies controlling what applications can access/which data queries can be made against a database cluster

14 Hadoop/NoSQL Security Products Cell-level access labels (Sqrrl/Accumulo) Kerberos authentication(Opensource, IBM, Cloudera, MapR) Access control lists for tables/column families (all Hadoop vendors) Data encryption (Sqrrl/Accumulo,Datameer,Gazzang,DataGuise,Vormetric) Authentication integration with LDAP and PKI (Sqrrl/Accumulo, MapR,Datameer)

15 Hadoop/NoSQL Security Products: Accumulo Sorted, distributed key/value store using Hadoop as its file system Developed by NSA beginning in 2008, Accumulo is now an open source software projected hosted by the Apache Foundation and natively integrates with Hadoop. Accumulo has three differentiators from Hadoop and other NoSQL databases: Secure: Fine-grained security controls allow organizations to control data at the cell- level, integrating existing authentication functions in the enterprise (PKI, LDAP, AD…) Scale: proven to operate and perform at massive scale with low administrative overhead Adapt: provides real-time analysis

16 Hadoop/NoSQL Products: Accumulo and Sqrrl Sqrrl is the commercial version of Accumulo, a startup of developers and engineers from NSA. Their version of Accumulo is Sqrrl Enterprise Sqrrl Enterprise is different from other Big Data tools because security is built into the platform, as a result, cell-level security controls do not result in any significant performance degradations. Data can be labeled or tagged by cell to provide fine grained access control. Sqrrl Enterprise integrates with enterprise Identity and Access Management (IAM) systems, such as Active Directory, LDAP, and PKI, biometrics. Sqrrl provides encryption of data-at-rest and data-in-motion

17 Big Data Security Products: API Gateways Appliance exposes published APIs, proxying between data on NoSQL or relational databases and applications Only approved/ published APIs permitted Tied into existing authentication sources Authorization and encryption available Malware/virus and DLP checking available Placed behind firewall Intel’s EAM, CA’s Layer7 and Mulesoft

18 API Gateway Example: Intel EAM

19 Securing Big Data: General Approaches Determine which data should be in a NoSQL database given immaturity of Big Data products/implementations Firewall off the big data clusters from rest of network Harden and secure machines (virtual and physical) where database cluster is distributed Limit who can access the databases with authentication Understand the target of and power of consolidated data to attackers and malicious insiders Realize that compliance/regulatory issues are the same for NoSQL databases as for Relational databases: backup, auditing, monitoring, securing data is still required

20 How Kaizen Can Help Our experienced professionals are steeped in security concepts, risk management, technology and principles of data processing We separate facts from fads and hype We’re vendor neutral, not resellers Our staff has extensive private and public sector experience with security: host/server, network and database/applications We keep up to date with current technology and events, applying best practices, experience and common sense to examine problems and come up with solutions

21 How Kaizen Can Help The tools to secure Big Data are new or being developed, but the concepts behind securing the data are not. Kaizen’s professionals can map the security requirements to the tools, and show what is lacking; We can test and research products, suggest procedures and practices to maintain and enhance the security of Big Data environments.

22 Summary Kaizen can help with big data problem analysis, test technical options and determine a solution, combining the technical and procedural This presentation surveys the problem space and possible combinations of security solutions: Secure NoSQL database implementations API gateways Encryption Leveraging existing firewall, authentication and authorization technology

23 Appendix: Vendors BIG DATA/HADOOP Apache IBM Cloudera Karmasphere EMC Hortonworks BIG DATA/SECURITY Sqrrl Intel/Mashery MapR Platfora Datameer Mulesoft CA/Layer7

24 Appendix: Vendors: Encryption Products for Big Data Gazzang www.gazzang.com Vormetric www.vormetric.com Dataguise

25 Big Data Consortiums and Standards Bodies https://cloudsecurityalliance.org/ Big Data Working Group http://opencloudconsortium.org/members/ http://csrc.nist.gov/groups/SNS/index.html

Download ppt "Securing Big Data KAIZEN APPROACH, INC.. Big Data Defined Big data is where the data volume, acquisition velocity, or data representation limits the ability."

Similar presentations

Network Systems Sales LLC

Network Systems Sales LLC
Distributed Data Processing

Distributed Data Processing
BigData Tools Seyyed mohammad Razavi. Outline  Introduction  Hbase  Cassandra  Spark  Acumulo  Blur  MongoDB  Hive  Giraph  Pig.

BigData Tools Seyyed mohammad Razavi. Outline  Introduction  Hbase  Cassandra  Spark  Acumulo  Blur  MongoDB  Hive  Giraph  Pig.
Paula Ta-Shma, IBM Haifa Research 1 “Advanced Topics on Storage Systems” - Spring 2013, Tel-Aviv University Big Data and.

Paula Ta-Shma, IBM Haifa Research 1 “Advanced Topics on Storage Systems” - Spring 2013, Tel-Aviv University Big Data and.
 Need for a new processing platform (BigData)  Origin of Hadoop  What is Hadoop & what it is not ?  Hadoop architecture  Hadoop components (Common/HDFS/MapReduce)

 Need for a new processing platform (BigData)  Origin of Hadoop  What is Hadoop & what it is not ?  Hadoop architecture  Hadoop components (Common/HDFS/MapReduce)
Big Data Workflows N AME : A SHOK P ADMARAJU C OURSE : T OPICS ON S OFTWARE E NGINEERING I NSTRUCTOR : D R. S ERGIU D ASCALU.

Big Data Workflows N AME : A SHOK P ADMARAJU C OURSE : T OPICS ON S OFTWARE E NGINEERING I NSTRUCTOR : D R. S ERGIU D ASCALU.
Fraud Detection in Banking using Big Data By Madhu Malapaka For ISACA, Hyderabad Chapter Date: 14 th Dec 2014 Wilshire Software.

Fraud Detection in Banking using Big Data By Madhu Malapaka For ISACA, Hyderabad Chapter Date: 14 th Dec 2014 Wilshire Software.
Big Data A big step towards innovation, competition and productivity.

Big Data A big step towards innovation, competition and productivity.
+ Hbase: Hadoop Database B. Ramamurthy. + Motivation-1 HDFS itself is “big” Why do we need “hbase” that is bigger and more complex? Word count, web logs.

+ Hbase: Hadoop Database B. Ramamurthy. + Motivation-1 HDFS itself is “big” Why do we need “hbase” that is bigger and more complex? Word count, web logs.
U.S. Department of the Interior U.S. Geological Survey David V. Hill, Information Dynamics, Contractor to USGS/EROS 12/08/2011 Satellite Image Processing.

U.S. Department of the Interior U.S. Geological Survey David V. Hill, Information Dynamics, Contractor to USGS/EROS 12/08/2011 Satellite Image Processing.
A Brief Overview by Aditya Dutt March 18 th ’ 2014 1Aditya Inc.

A Brief Overview by Aditya Dutt March 18 th ’ Aditya Inc.
CS525: Special Topics in DBs Large-Scale Data Management Hadoop/MapReduce Computing Paradigm Spring 2013 WPI, Mohamed Eltabakh 1.

CS525: Special Topics in DBs Large-Scale Data Management Hadoop/MapReduce Computing Paradigm Spring 2013 WPI, Mohamed Eltabakh 1.
Distributed Indexing of Web Scale Datasets for the Cloud {ikons, eangelou, Computing Systems Laboratory School of Electrical.

Distributed Indexing of Web Scale Datasets for the Cloud {ikons, eangelou, Computing Systems Laboratory School of Electrical.
Introduction to Apache Hadoop Zibo Wang. Introduction  What is Apache Hadoop?  Apache Hadoop is a software framework which provides open source libraries.

Introduction to Apache Hadoop Zibo Wang. Introduction  What is Apache Hadoop?  Apache Hadoop is a software framework which provides open source libraries.
Hadoop/MapReduce Computing Paradigm 1 Shirish Agale.

Hadoop/MapReduce Computing Paradigm 1 Shirish Agale.
Introduction to Hadoop and HDFS

Introduction to Hadoop and HDFS
SEMINAR ON Guided by: Prof. D.V.Chaudhari Seminar by: Namrata Sakhare Roll No: 65 B.E.Comp.

SEMINAR ON Guided by: Prof. D.V.Chaudhari Seminar by: Namrata Sakhare Roll No: 65 B.E.Comp.
Contents HADOOP INTRODUCTION AND CONCEPTUAL OVERVIEW TERMINOLOGY QUICK TOUR OF CLOUDERA MANAGER.

Contents HADOOP INTRODUCTION AND CONCEPTUAL OVERVIEW TERMINOLOGY QUICK TOUR OF CLOUDERA MANAGER.
Big Data Bijan Barikbin Denisa Teme Matthew Joseph.

Big Data Bijan Barikbin Denisa Teme Matthew Joseph.
+ Hbase: Hadoop Database B. Ramamurthy. + Motivation-0 Think about the goal of a typical application today and the data characteristics Application trend:

+ Hbase: Hadoop Database B. Ramamurthy. + Motivation-0 Think about the goal of a typical application today and the data characteristics Application trend:

Similar presentations

Ads by Google