- by David Tishgart, Prospector
- 1/7/2014 12:57:17 PM
I just saw this video had posted, so I apologize for my late response. Your comments are all good and absolutely correct. Encryption and key management are necessary security tools for RDBMS just as they are for Hadoop and new NoSQL databases. What's unique is that unlike most tranditional relational data stores that have been around awhile, have a logical schema and often include a variety of security controls, the big data platforms that are popping up today offer no at-rest encryption, and very little security in general outside of Kerberos.
Enterprise organizations that are adopting Hadoop, Cassandra, MongoDB, Couchbase and others recognize this, and rather than bringing on resources who know these systems and how to secure them, they're looking to outside vendors for the solution. In some cases they'll look to commercial big data vendors like Cloudera, Hortonworks or DataStax for monitoring, auditing and authorization. Often these same companies will look to Gazzang for specialized encryption, key management and access controls.
Great points about DBaaS. This is why encrypting data on disk is so important. I do think Hadoop in the cloud can absolutely be as safe as it is in your own datacenter. In some cases, safer. It's all about putting the right safeguards around the data.
- by kq4ym, Data Doctor
- 12/13/2013 12:56:47 PM
David Tishgart of Gazzang, seems to be saying Hadoop environments need some extra security measures to protect the original data with encryption and to make sure the key is secure. Is this a growing part of the big data world to hire outside folks to manage the security end of the cloud data? Or just for smaller companies without a security division?
- by BethSchultz, Blogger
- 12/11/2013 9:43:53 AM
Michael, adding to problem, it seems, could be a new cyberthreat spotted by Imperva, an enterprise security company. It reports that database as a service are the latest malware platform for cybercriminals. I've not scoured the full report at this point, but Imperva's summary is concerning for anybody thinking about spinning up Hadoop or other environments in the cloud for analytics purposes: "The report concludes that by bringing data one step closer to hackers, DBaaS makes it possible for hackers to compromise an organization's database without accessing its network - ultimately increasing the risk of a data breach."
- by Michael Steinhart, Blogger
- 12/10/2013 11:05:52 AM
They're absolutely the same best-practices, Beth, but when a business analyst can spin up a Hadoop cluster in the cloud, or smaller LOBs want to avail themselves of big data without going through the official channels, major vulnerabilities can crop up.
It's also possible that IT professionals don't necessarily know where in the big data workflow to build encryption. Companies like Gazzang can help.
At the same time, like everything else in the Hadoop/big data world, traditional processes aren't as outdated and outmoded as everyone says.
- by BethSchultz, Blogger
- 12/10/2013 9:03:08 AM
Hi Michael, while I certainly won't diminish the importance of keeping corporate data secure, especially sensitive data that so often, as Tishgart mentions, is used for big data analytics, I'm not sure that I really heard anything new or different here. Aren't these pretty much the same best practices that IT should have long ago embraced for corporate data?