Published by Marylou Morris. Modified over 9 years ago.

Slide 1: Preventing a Big Data Security Breach
© 2014 Cloudera, Inc. All rights reserved.

Slide 2: Speakers
- Ritu Kama, Director Product Management, Big Data, Intel. Twitter: @ritukama
- Nick Curcuru, VP Big Data Practice, Mastercard Advisors
- Sam Heywood, Director Product Management, Security, Cloudera. Twitter: @sam_heywood

Slide 3: The Benefits of Hadoop...
- One place for unlimited data
  - All types
  - More sources
  - Faster, larger ingestion
- Unified, multi-framework data access
  - More users
  - More tools
  - Faster changes

Slide 4: ...Can Create Information Security Challenges
- Business Manager
  - Run high value workloads in cluster
  - Quickly adopt new innovations
- Information Security
  - Follow established policies and procedures
  - Maintain compliance
- IT/Operations
  - Integrate with existing IT investments
  - Minimize end-user support
  - Automate configuration

Slide 5: Big Data = Sensitive Data
© 2015 The SANS™ Institute – www.sans.org

Slide 6: Comprehensive, Compliance-Ready Security
Authentication, Authorization, Audit, and Compliance
- Perimeter: Guarding access to the cluster itself. InfoSec Concept: Authentication
- Access: Defining what users and applications can do with data. InfoSec Concept: Authorization
- Visibility: Reporting on where data came from and how it's being used. InfoSec Concept: Audit
- Data: Protecting data in the cluster from unauthorized visibility. InfoSec Concept: Compliance

Slide 7: Start with the Hadoop Security Maturity Model
Achieve Scale and Cost Effectiveness via a Secure Data Vault
[Figure: maturity levels plotted against two axes, "Data Volume & Sensitivity" and "Security Compliance & Risk Mitigation"]
- Level 0, Highly Vulnerable, Data at Risk. Data Free-for-All: Available & Error-Prone
- Level 1, Reduced Risk Exposure. Basic Security Controls:
  - Authorization
  - Authentication
  - Comprehensive Auditing
- Level 2, Managed, Secure, Protected. Data Security & Governance:
  - Lineage Visibility
  - Metadata Discovery
  - Encryption & Key Management
- Level 3, Enterprise Data Hub Secure Data Vault. Fully Compliance Ready: Audit-Ready & Protected
  - Audit Ready For: EU Data Protection Directive, PCI DSS, HIPAA, FERPA, FISMA, PII
  - Full encryption, key management, transparency, and enforcement for all data-at-rest and data-in-motion

Slide 8: Comprehensive, Compliance-Ready Security
Authentication, Authorization, Audit, and Compliance
- Perimeter: Guarding access to the cluster itself. InfoSec Concept: Authentication. Product: Cloudera Manager
- Access: Defining what users and applications can do with data. InfoSec Concept: Authorization. Product: Apache Sentry & RecordService
- Visibility: Reporting on where data came from and how it's being used. InfoSec Concept: Audit. Product: Cloudera Navigator
- Data: Protecting data in the cluster from unauthorized visibility. InfoSec Concept: Compliance. Product: Navigator Encrypt & Key Trustee

Slide 9: RecordService (Beta)
Unified Access Control Enforcement
- New high performance security layer that centrally enforces fine-grained access control in HDFS
- Complements Apache Sentry's unified policy definition
- Row- and column-based security
- Dynamic data masking
- Apache-licensed open source
- Beta now available
[Figure: stack diagram with layers FILESYSTEM (HDFS), NoSQL (HBase), and SECURITY (Sentry, RecordService)]

Slide 10: MasterCard's Journey from pilot to compliance
[Figure: the Hadoop Security Maturity Model, plotted against "Data Volume & Sensitivity" and "Security Compliance & Risk Mitigation"]
- Level 0, Highly Vulnerable, Data at Risk. Data Free-for-All
- Level 1, Reduced Risk Exposure. Basic Security Controls
- Level 2, Managed, Secure, Protected. Data Security & Governance
- Level 3, Enterprise Data Hub Secure Data Vault. Fully Compliance Ready

Slide 11: MasterCard's journey to PCI certification
[Figure: timeline; labels as extracted]
- 2016 –>
- Discovery: May 2012
- Proof of Concept: July –> Oct. 2012
- Roadmap: Oct. –> Nov. 2012
- Mainstream: EOY 2012
- PCI Certified: June 2014
- Recertified: Jun 2015
- Wide Adoption: 2013 –>
- Security

Slide 12: Security goes beyond technology
- People
  - Install, modify, and support Technology
  - Act within the guidelines of Process to ensure security
  - Create and revise Process and policies as required
  - Are ultimately accountable for ongoing security
- Process
  - Are the yardstick by which configurations and actions are measured and reported against
  - Are governed by People with authority to set best practices and define policy within an organisation
  - Change over time to address evolving security concerns and needs of the business
- Technology
  - Tools for security that are installed and configured by People, governed by Process
  - Provide the audit, data protection, and user administration capabilities delivered by People, within the framework of established and documented Process

Slide 13: Best practices
- People and Process
  - Segregation of Duties
  - Segregation of Data Access
  - Process documentation – controls, response and continuity planning
  - Continuous knowledge transfer, training and awareness
- Technology
  - Strong Authentication & Authorisation
  - Security Logging
  - Penetration Testing

Slide 14: Lessons learned
- Hadoop isn't one thing, but a "collection of things"
- Education & documentation is 60-70% of the effort
- This isn't a database, don't expect similar controls
- Security is neither quick nor easy
- Technology is still maturing
- Close collaboration with your partner is critical
- This is just the beginning – it is continuous

Slide 15: Table stakes for big data security
- Native data encryption
- Security embedded in metadata
- Integrated key management
- Authorisation
- Authentication – Multi-Factor
- Strong role based access
- Monitoring in real time
- Audit and data lineage
- Hardware-enabled security
- Enterprise Identity management integration

Slide 16: Where to Start
- Assess security maturity
- Review data and information strategy
- Lay out data protection strategy
- Identify education and training needs

Slide 17: Thank You