Grab some coffee and enjoy the pre-show banter before the top of the hour!
The Briefing Room
To Serve and Protect: Making Sense of Hadoop Security
Twitter Tag: #briefr The Briefing Room
Welcome
Host:
Eric Kavanagh
eric.kavanagh@bloorgroup.com
@eric_kavanagh
Mission
• Reveal the essential characteristics of enterprise software, good and bad
• Provide a forum for detailed analysis of today's innovative technologies
• Give vendors a chance to explain their product to savvy analysts
• Allow audience members to pose serious questions... and get answers!
Topics
September: HADOOP 2.0
October: DATA MANAGEMENT
November: ANALYTICS
Analyst: Robin Bloor
Robin Bloor is Chief Analyst at The Bloor Group
robin.bloor@bloorgroup.com
@robinbloor
HP Security Voltage
• HP recently acquired Voltage Security (now HP Security Voltage) to expand its data security solutions for big data and the cloud
• HP Security Voltage provides data and email protection
• Its security product features data encryption, tokenization and key management over structured and unstructured data, including data in Hadoop
Guest: Sudeep Venkatesh
Sudeep Venkatesh is a noted expert in data
protection solutions, bringing over a decade of
industry and technology experience in this area to
HP Security Voltage. His expertise spans data
protection, security infrastructures, cloud
security, identity and access management,
encryption, and the PCI standards both for the
commercial and government sectors. He has
worked on numerous global security projects with
Fortune 500 firms in the United States and
globally. At HP Security Voltage, Sudeep serves in
the position of Vice President of Solution
Architecture, with responsibility over designing
solutions for some of HP Security Voltage's largest
customers in the end-to-end data protection
portfolio. This includes email, file and document
encryption, as well as the protection of sensitive
data in databases, applications and payments
systems.
© Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Restricted
HP Security Voltage
Data-Centric Security & Encryption Solutions
Sudeep Venkatesh
September 22, 2015
Attack Life Cycle
• Research: Research Potential Targets
• Infiltration: Phishing Attack and Malware
• Discovery: Mapping Breached Environment
• Capture: Obtain data
• Exfiltration/Damage: Exfiltrate/Destroy Stolen Data
• Monetization: Data Sold on Black Market
Why is Securing Hadoop Difficult?
• Multiple sources of data from multiple
enterprise systems, and real-time feeds
with varying (or unknown) protection
requirements
• Rapid innovation in a well-funded
open-source developer community
• Multiple types of data combined
together in the Hadoop “data lake”
Why is Securing Hadoop Difficult?
• Automatic replication of data across
multiple nodes once entered into the
HDFS data store
• Access by many different users with
varying analytic needs
• Reduced control if Hadoop clusters are
deployed in a cloud environment
Existing Ways to Secure Hadoop
•  Existing IT security
− Network firewalls
− Logging and monitoring
− Configuration management
Need to augment these with “data-centric” protection of data in use,
in motion and at rest
•  Enterprise-scale security for Apache Hadoop
− Apache Knox: Perimeter security
− Kerberos: Strong authentication
− Apache Ranger: Monitoring and Management
What is Data-Centric Protection?
[Figure: the data ecosystem compared with traditional IT infrastructure security, showing threats to data and the gaps in data security coverage.]
• Data Ecosystem: Storage, File Systems, Databases, Middleware, Data & Applications
• Traditional IT Infrastructure Security: Disk Encryption, Database Encryption, SSL/TLS/Firewalls, Authentication Management
• Threats to Data: Malware, Insiders; SQL Injection, Malware; Traffic Interceptors; Credential Compromise
• Data Security Coverage: Security Gaps (marked four times)
What Kind of Protection Closes the Security Gap?
End-to-End Sensitive Data Protection at Rest, in Motion, and in Use
[Figure: the data ecosystem diagram (Storage, File Systems, Databases, Middleware, Data & Applications) with its traditional IT infrastructure security coverage, threats to data and security gaps, overlaid with "HP Security Voltage Data-centric Security: End-to-end Data Protection".]
How to Protect Your Data
Field Level, Format-Preserving, Reversible Data De-Identification
• Original: Credit Card 1234 5678 8765 4321; SSN 934-72-2356; Email bob@voltage.com; DOB 31-07-1966
• AES: FIWUYBw3Oiuqwri uweuwr %oIUOw1DF^ 8juYE %Uks&dDFa2 345^WFLERG lja&3k24kQotugD F2390^32 OOWioNu2(*872 weWOiuqwriuwe uwr%oIUOw1@ 3k24kQotugDF 2390^320OW %i
• Full: Credit Card 8736 5533 4678 9453; SSN 347-98-8309; Email hry@ghohawd.jiw; DOB 20-05-1972
• Partial: Credit Card 1234 5681 5310 4321; SSN 634-34-2356; Email hry@ghohawd.jiw; DOB 20-05-1972
• Obvious: Credit Card 8736 5533 4678 9453; SSN 347-98-8309; Email hry@ghohawd.jiw; DOB 20-05-1972
Use Case: Global Financial Services Company
•  Customer is rapidly moving to adopt open source storage and data analysis platforms
•  Use cases: Fraud detection, marketing (360 degree view of what the customer is doing, to provide more relevant marketing), creating data sets or reports to sell or provide to other companies, financial modeling
•  Invested in multiple data warehouse and big data platforms
•  Using complex ETL tools to import data into Hadoop from sources including mainframe, distributed databases, flat files, etc.
•  Protection in Hadoop is the first step in an enterprise wide data protection strategy
Need
•  Protect sensitive PCI and PII data as it is being imported into Hadoop. Fields protected include PAN, Bank Account, SSN, Address, City, Zip Code, Date of Birth
Solution
•  HP Secure Stateless Tokenization (SST) offers PCI audit scope reduction for the Hadoop environment
•  Central key and policy management infrastructure can scale enterprise wide to mainframe and distributed platforms
•  Data can be protected at ingestion through integration with Sqoop and MapReduce
Use Case: Health Care Insurance Company
•  Better health analysis to customers: One of their use cases for Hadoop is to provide better analysis of health status to customers on their web site
•  Catch prescription fraud: Fraudsters collect prescriptions from 5-6 doctors and get them filled by 5-6 pharmacies. The manual process takes several weeks to track. Hadoop will enable them to do this almost instantly
•  Reverse claim overpayment: Often times claims are overpaid based on errors and mistakes. They hope to catch this as it happens with Hadoop
•  Developer hackathons: Open the system up to their Hadoop developers as a sandbox, enabling innovation, discovery and competitive advantage – without risk
Need / Solution
•  Utilized the massive un-tapped data sets for analysis that were hampered by compliance and risk
•  Integrated HP SecureData in Sqoop so data is de-identified as it is copied from databases
•  Ability to initially scale to 1000 Hadoop nodes
•  Currently investigating the use of HP SecureData enterprise wide for open systems and mainframe platforms
•  Enabling innovation through data access without risk with HIPAA/HITECH regulated data sets
Use Case: Global Telecommunications Leader
Protecting PII Throughout Large Scale Legacy and New Applications
Need
•  Protect 26 data types constituting PII, 500 Apps, mainframe, Teradata, Windows, Unix
•  Secure data types regardless of platform
•  Support wide variety of platforms including mainframe, open systems and big data platforms
•  Reduce costs of having to protect data in each app and each database
Solution
•  HP SecureData with HP Format-Preserving Encryption applied to hundreds of apps and databases
•  Preservation of data formats and relationships
•  Native support for z/OS, Teradata, Hadoop and Open Systems
Results
•  Created SaaS, leveraged company-wide
•  Protected 26 data types in over 700 applications
•  Solution management required less than 1 FTE
HP Security Voltage, a Leader in Data-Centric Security
safeguarding data throughout its entire lifecycle – at rest, in motion, in use – across big data, cloud, on-premise and mobile environments with continuous protection
www.voltage.com/hadoop
Questions?
Thank you
Perceptions & Questions
Analyst:
Robin Bloor
Securing Hadoop
Robin Bloor, PhD
The Sorry Truth
Security was never engineered into
IT systems
It was always an afterthought
So it is with Hadoop
Windows of Opportunity…
• The “security surface” that needs protection is always growing
• Security solutions tend to be fragmented
• The value targets are health and credit card data
• Big data is just another opportunity for the cyber thief – only bigger
Hadoop Staging
Hadoop In Use
Hadoop Security
• Hadoop presents a wide area of vulnerability
• Role-based access is required (for self-service)
• Encryption is probably a necessity
• Format-preserving encryption is preferable
The Net Net
IT security is STRATEGIC
Encryption is a primary plank of this
• How “inconvenient” is HP Voltage Security? Please describe an implementation. What does the user experience?
• Security often comes with performance penalties. What is the performance cost of HP Security Voltage?
• Security needs to be integrated, so encryption needs to shake hands with authentication. How does this work with HP Voltage?
• Costs?
• Are there any environments to which HP Security Voltage’s technology is inapplicable: OLTP, Data Streaming & Streaming Analytics, BI, Mobile, Cloud,…
• Which platforms/environments are supported?
• Which other security vendors/technologies does HP partner with for data center solutions?
Upcoming Topics
www.insideanalysis.com
September: HADOOP 2.0
October: DATA MANAGEMENT
November: ANALYTICS
THANK YOU for your ATTENTION!
Some images provided courtesy of Wikimedia Commons

More Related Content

PDF
Pivotal Digital Transformation Forum: Data Science
PPTX
Perspectives on Ethical Big Data Governance
PDF
Data Loss Prevention in SharePoint 2016 Webinar with Crow Canyon
PDF
How to Crunch Petabytes with Hadoop and Big Data Using InfoSphere BigInsights...
PPTX
Intel boubker el mouttahid
PPSX
Reddix Group - Quantum AI - Presentation
PPTX
Ciso round table on effective implementation of dlp & data security
PDF
Security and privacy of cloud data: what you need to know (Interop)
Pivotal Digital Transformation Forum: Data Science
Perspectives on Ethical Big Data Governance
Data Loss Prevention in SharePoint 2016 Webinar with Crow Canyon
How to Crunch Petabytes with Hadoop and Big Data Using InfoSphere BigInsights...
Intel boubker el mouttahid
Reddix Group - Quantum AI - Presentation
Ciso round table on effective implementation of dlp & data security
Security and privacy of cloud data: what you need to know (Interop)

What's hot (20)

PDF
Protecting Corporate Data When an Employee Leaves: Survey and Best Practices
PDF
Best Practices for Implementing Data Loss Prevention (DLP)
PPTX
Interoperability and the Internet of Things – To standardize or not to standa...
PDF
All Together Now: Connected Analytics for the Internet of Everything
PDF
MT81 Keys to Successful Enterprise IoT Initiatives
PDF
The Convergence of IT, Operational Technology and the Internet of Things (IoT)
PPTX
4 ways to cut your e discovery costs in half-webinar-exterro-druva
PPTX
Big data security
PPTX
Optimizing Regulatory Compliance with Big Data
PPTX
PDF
2. Enterprise and Business Architecture Cloud Video Data
PDF
Cut End-to-End eDiscovery Time in Half: Leveraging the Cloud
PDF
MT85 Challenges at the Edge: Dell Edge Gateways
PPT
Big datacamp june14_alex_liu
PPTX
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
PDF
Predictive Analytics at the Speed of Business
PDF
HP Mobility Perspective at the Mobile World Congress 2014 in Barcelona
PPTX
Foundational Strategies for Trusted Data: Getting Your Data to the Cloud
PDF
Cloud Services & the Development of ISO/IEC 27018
PPT
Robert Lecklin - BigData is making a difference
Protecting Corporate Data When an Employee Leaves: Survey and Best Practices
Best Practices for Implementing Data Loss Prevention (DLP)
Interoperability and the Internet of Things – To standardize or not to standa...
All Together Now: Connected Analytics for the Internet of Everything
MT81 Keys to Successful Enterprise IoT Initiatives
The Convergence of IT, Operational Technology and the Internet of Things (IoT)
4 ways to cut your e discovery costs in half-webinar-exterro-druva
Big data security
Optimizing Regulatory Compliance with Big Data
2. Enterprise and Business Architecture Cloud Video Data
Cut End-to-End eDiscovery Time in Half: Leveraging the Cloud
MT85 Challenges at the Edge: Dell Edge Gateways
Big datacamp june14_alex_liu
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
Predictive Analytics at the Speed of Business
HP Mobility Perspective at the Mobile World Congress 2014 in Barcelona
Foundational Strategies for Trusted Data: Getting Your Data to the Cloud
Cloud Services & the Development of ISO/IEC 27018
Robert Lecklin - BigData is making a difference
Ad

Viewers also liked (20)

PPTX
Generating Insight from Big Data in Energy and the Environment
PDF
Real time big data analytical architecture for remote sensing application
PPT
Big Data, Security Intelligence, (And Why I Hate This Title)
PPTX
Hdp security overview
PDF
Building Hadoop Data Applications with Kite by Tom White
PPTX
MATATABI: Cyber Threat Analysis and Defense Platform using Huge Amount of Dat...
PPTX
Hadoop and Data Access Security
DOCX
REAL-TIME BIG DATA ANALYTICAL ARCHITECTURE FOR REMOTE SENSING APPLICATION
PDF
Big Data: Opportunities, Strategy and Challenges
PPTX
BigDataEurope - Big Data & Energy
PPTX
Kerberos, Token and Hadoop
PPTX
Building hadoop based big data environment
PPTX
Balancing Mobile UX & Security: An API Management Perspective Presentation fr...
PDF
Smart Analytics For The Utility Sector
PDF
Open-BDA - Big Data Hadoop Developer Training 10th & 11th June
PPTX
Big Data, Big Content, and Aligning Your Storage Strategy
PPTX
Hadoop security
PDF
Demystify big data data science
PPT
Mr. satish kumar, schnieder electric
Generating Insight from Big Data in Energy and the Environment
Real time big data analytical architecture for remote sensing application
Big Data, Security Intelligence, (And Why I Hate This Title)
Hdp security overview
Building Hadoop Data Applications with Kite by Tom White
MATATABI: Cyber Threat Analysis and Defense Platform using Huge Amount of Dat...
Hadoop and Data Access Security
REAL-TIME BIG DATA ANALYTICAL ARCHITECTURE FOR REMOTE SENSING APPLICATION
Big Data: Opportunities, Strategy and Challenges
BigDataEurope - Big Data & Energy
Kerberos, Token and Hadoop
Building hadoop based big data environment
Balancing Mobile UX & Security: An API Management Perspective Presentation fr...
Smart Analytics For The Utility Sector
Open-BDA - Big Data Hadoop Developer Training 10th & 11th June
Big Data, Big Content, and Aligning Your Storage Strategy
Hadoop security
Demystify big data data science
Mr. satish kumar, schnieder electric
Ad

Similar to To Serve and Protect: Making Sense of Hadoop Security (20)

PDF
Hortonworks and Voltage Security webinar
PDF
Voltage Security, Protecting Sensitive Data in Hadoop
PDF
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
PPTX
Hadoop and Big Data Security
PDF
Protecting your data against cyber attacks in big data environments
PDF
Protecting your data against cyber attacks in big data environments
PDF
Isaca journal - bridging the gap between access and security in big data...
PPTX
New york oracle users group 2013 spring general meeting ulf mattsson
PDF
Solving the Really Big Tech Problems with IoT
PPTX
HPE Security Keynote from Istanbul 20th Jan 2016
PDF
Five steps to secure big data
PPTX
Hadoop: Making it work for the Business Unit
PDF
Dataguise hortonworks insurance_feb25
PDF
Isaca new delhi india privacy and big data
PPTX
HP Software Performance Tour 2014 - Guarding against the Data Breach
PDF
Data Breaches: The Untold Story
PDF
Hortonworks Protegrity Webinar: Leverage Security in Hadoop Without Sacrifici...
PDF
Meetup presenation 06192013
PDF
Five_Big_Data_Security_Pitfalls
PPTX
Big data in term of security measure
Hortonworks and Voltage Security webinar
Voltage Security, Protecting Sensitive Data in Hadoop
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Hadoop and Big Data Security
Protecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environments
Isaca journal - bridging the gap between access and security in big data...
New york oracle users group 2013 spring general meeting ulf mattsson
Solving the Really Big Tech Problems with IoT
HPE Security Keynote from Istanbul 20th Jan 2016
Five steps to secure big data
Hadoop: Making it work for the Business Unit
Dataguise hortonworks insurance_feb25
Isaca new delhi india privacy and big data
HP Software Performance Tour 2014 - Guarding against the Data Breach
Data Breaches: The Untold Story
Hortonworks Protegrity Webinar: Leverage Security in Hadoop Without Sacrifici...
Meetup presenation 06192013
Five_Big_Data_Security_Pitfalls
Big data in term of security measure

More from Inside Analysis (20)

PDF
An Ounce of Prevention: Forging Healthy BI
PDF
Agile, Automated, Aware: How to Model for Success
PDF
First in Class: Optimizing the Data Lake for Tighter Integration
PDF
Fit For Purpose: Preventing a Big Data Letdown
PDF
The Hadoop Guarantee: Keeping Analytics Running On Time
PDF
Introducing: A Complete Algebra of Data
PDF
The Role of Data Wrangling in Driving Hadoop Adoption
PDF
Ahead of the Stream: How to Future-Proof Real-Time Analytics
PDF
Goodbye, Bottlenecks: How Scale-Out and In-Memory Solve ETL
PDF
The Biggest Picture: Situational Awareness on a Global Level
PDF
Structurally Sound: How to Tame Your Architecture
PDF
SQL In Hadoop: Big Data Innovation Without the Risk
PDF
The Perfect Fit: Scalable Graph for Big Data
PDF
A Revolutionary Approach to Modernizing the Data Warehouse
PDF
The Maturity Model: Taking the Growing Pains Out of Hadoop
PDF
Rethinking Data Availability and Governance in a Mobile World
PDF
DisrupTech - Dave Duggal
PPTX
Modus Operandi
PPTX
Phasic Systems - Dr. Geoffrey Malafsky
PPT
Red Hat - Sarangan Rangachari
An Ounce of Prevention: Forging Healthy BI
Agile, Automated, Aware: How to Model for Success
First in Class: Optimizing the Data Lake for Tighter Integration
Fit For Purpose: Preventing a Big Data Letdown
The Hadoop Guarantee: Keeping Analytics Running On Time
Introducing: A Complete Algebra of Data
The Role of Data Wrangling in Driving Hadoop Adoption
Ahead of the Stream: How to Future-Proof Real-Time Analytics
Goodbye, Bottlenecks: How Scale-Out and In-Memory Solve ETL
The Biggest Picture: Situational Awareness on a Global Level
Structurally Sound: How to Tame Your Architecture
SQL In Hadoop: Big Data Innovation Without the Risk
The Perfect Fit: Scalable Graph for Big Data
A Revolutionary Approach to Modernizing the Data Warehouse
The Maturity Model: Taking the Growing Pains Out of Hadoop
Rethinking Data Availability and Governance in a Mobile World
DisrupTech - Dave Duggal
Modus Operandi
Phasic Systems - Dr. Geoffrey Malafsky
Red Hat - Sarangan Rangachari

Recently uploaded (20)

PDF
NewMind AI Weekly Chronicles - August'25 Week I
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
PPTX
Cloud computing and distributed systems.
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
PDF
NewMind AI Monthly Chronicles - July 2025
PPTX
Big Data Technologies - Introduction.pptx
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
PDF
cuic standard and advanced reporting.pdf
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
PDF
Empathic Computing: Creating Shared Understanding
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
PDF
solutions_manual_-_materials___processing_in_manufacturing__demargo_.pdf
PDF
Network Security Unit 5.pdf for BCA BBA.
PDF
Unlocking AI with Model Context Protocol (MCP)
PDF
Approach and Philosophy of On baking technology
PDF
Electronic commerce courselecture one. Pdf
NewMind AI Weekly Chronicles - August'25 Week I
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
Cloud computing and distributed systems.
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
NewMind AI Monthly Chronicles - July 2025
Big Data Technologies - Introduction.pptx
The Rise and Fall of 3GPP – Time for a Sabbatical?
cuic standard and advanced reporting.pdf
“AI and Expert System Decision Support & Business Intelligence Systems”
Diabetes mellitus diagnosis method based random forest with bat algorithm
Empathic Computing: Creating Shared Understanding
Reach Out and Touch Someone: Haptics and Empathic Computing
solutions_manual_-_materials___processing_in_manufacturing__demargo_.pdf
Network Security Unit 5.pdf for BCA BBA.
Unlocking AI with Model Context Protocol (MCP)
Approach and Philosophy of On baking technology
Electronic commerce courselecture one. Pdf

To Serve and Protect: Making Sense of Hadoop Security

  • 1. Grab some coffee and enjoy the pre-­show banter before the top of the hour!
  • 2. The Briefing Room To Serve and Protect: Making Sense of Hadoop Security
  • 3. Twitter Tag: #briefr The Briefing Room Welcome Host: Eric Kavanagh eric.kavanagh@bloorgroup.com @eric_kavanagh
  • 4. Twitter Tag: #briefr The Briefing Room   Reveal the essential characteristics of enterprise software, good and bad   Provide a forum for detailed analysis of today s innovative technologies   Give vendors a chance to explain their product to savvy analysts   Allow audience members to pose serious questions... and get answers! Mission
  • 5. Twitter Tag: #briefr The Briefing Room Topics September: HADOOP 2.0 October: DATA MANAGEMENT November: ANALYTICS
  • 6. Twitter Tag: #briefr The Briefing Room
  • 7. Twitter Tag: #briefr The Briefing Room Analyst: Robin Bloor Robin Bloor is Chief Analyst at The Bloor Group robin.bloor@bloorgroup.com @robinbloor
  • 8. Twitter Tag: #briefr The Briefing Room HP Security Voltage   HP recently acquired Voltage Security (now HP Security Voltage) to expand its data security solutions for big data and the cloud   HP Security Voltage provides data and email protection   Its security product features data encryption, tokenization and key management over structured and unstructured data, including data in Hadoop
  • 9. Twitter Tag: #briefr The Briefing Room Guest: Sudeep Venkatesh Sudeep Venkatesh is a noted expert in data protection solutions, bringing over a decade of industry and technology experience in this area to HP Security Voltage. His expertise spans data protection, security infrastructures, cloud security, identity and access management, encryption, and the PCI standards both for the commercial and government sectors. He has worked on numerous global security projects with Fortune 500 firms in the United States and globally. At HP Security Voltage, Sudeep serves in the position of Vice President of Solution Architecture, with responsibility over designing solutions for some of HP Security Voltage's largest customers in the end-to-end data protection portfolio. This includes email, file and document encryption, as well as the protection of sensitive data in databases, applications and payments systems.
  • 10. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.© Copyright 2015Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Restricted HP Security Voltage Data-Centric Security & Encryption Solutions Sudeep Venkatesh September 22, 2015
  • 11. Monetization Data Sold on Black Market Research Potential Targets Research Infiltration Phishing Attack and Malware Discovery Mapping Breached Environment Capture Obtain data Attack Life Cycle Exfiltration/Damage Exfiltrate/Destroy Stolen Data
  • 12. © Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Why is Securing Hadoop Difficult? • Multiple sources of data from multiple enterprise systems, and real-time feeds with varying (or unknown) protection requirements • Rapid innovation in a well-funded open-source developer community • Multiple types of data combined together in the Hadoop “data lake”
  • 13. © Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Why is Securing Hadoop Difficult? • Automatic replication of data across multiple nodes once entered into the HDFS data store • Access by many different users with varying analytic needs • Reduced control if Hadoop clusters are deployed in a cloud environment
  • 14. © Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Existing Ways to Secure Hadoop •  Existing IT security − Network firewalls − Logging and monitoring − Configuration management Need to augment these with “data-centric” protection of data in use, in motion and at rest •  Enterprise-scale security for Apache Hadoop − Apache Knox: Perimeter security − Kerberos: Strong authentication − Apache Ranger: Monitoring and Management
  • 15. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. What is Data-Centric Protection? Storage File Systems Databases Data & Applications Traditional IT Infrastructure Security Disk Encryption Database Encryption SSL/TLS/Firewalls Security Gap Security Gap Security Gap Security Gap SSL/TLS/Firewalls Authentication Management Middleware Threats to Data Malware, Insiders SQL Injection, Malware Traffic Interceptors Malware, Insiders Credential Compromise Data Ecosystem DataSecurityCoverage Security Gaps
  • 16. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. What Kind of Protection Closes the Security Gap?
  • 17. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. End-to-End Sensitive Data Protection at Rest, in Motion, and in Use Storage File Systems Databases Data & Applications Traditional IT Infrastructure Security Disk Encryption Database Encryption SSL/TLS/Firewalls Security Gap Security Gap Security Gap Security Gap SSL/TLS/Firewalls Authentication Management Middleware Threats to Data Malware, Insiders SQL Injection, Malware Traffic Interceptors Malware, Insiders Credential Compromis e Data Ecosystem DataSecurityCoverage Security Gaps HP Security Voltage Data-centric Security End-to-end DataProtection
  • 18. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. How to Protect Your Data Credit Card 1234 5678 8765 4321 SSN 934-72-2356 Email bob@voltage.com DOB 31-07-1966 AES FIWUYBw3Oiuqwri uweuwr %oIUOw1DF^ 8juYE %Uks&dDFa2 345^WFLERG lja&3k24kQotugD F2390^32 OOWioNu2(*872 weWOiuqwriuwe uwr%oIUOw1@ 3k24kQotugDF 2390^320OW %i Full 8736 5533 4678 9453 347-98-8309 hry@ghohawd.jiw 20-05-1972 Partial 1234 5681 5310 4321 634-34-2356 hry@ghohawd.jiw 20-05-1972 Obvious 8736 5533 4678 9453 347-98-8309 hry@ghohawd.jiw 20-05-1972 Field Level, Format-Preserving, Reversible Data De-Identification
  • 19. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Solution Use Case: Global Financial Services Company •  Customer is rapidly moving to adopt open source storage and data analysis platforms •  Use cases: Fraud detection, marketing (360 degree view of what the customer is doing, to provide more relevant marketing), creating data sets or reports to sell or provide to other companies, financial modeling •  Invested in multiple data warehouse and big data platforms •  Using complex ETL tools to import data into Hadoop from sources including mainframe, distributed databases, flat files, etc. •  Protection in Hadoop is the first step in an enterprise wide data protection strategy Need •  Protect sensitive PCI and PII data as it is being imported into Hadoop. Fields protected include PAN, Bank Account, SSN, Address, City, Zip Code, Date of Birth •  HP Secure Stateless Tokenization (SST) offers PCI audit scope reduction for the Hadoop environment •  Central key and policy management infrastructure can scale enterprise wide to mainframe and distributed platforms •  Data can be protected at ingestion through integration with Sqoop and MapReduce
  • 20. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Solution •  Better health analysis to customers: One of their use cases for Hadoop is to provide better analysis of health status to customers on their web site •  Catch prescription fraud: Fraudsters collect prescriptions from 5-6 doctors and get them filled by 5-6 pharmacies. The manual process takes several weeks to track. Hadoop will enable them to do this almost instantly •  Reverse claim overpayment: Often times claims are overpaid based on errors and mistakes. They hope to catch this as it happens with Hadoop •  Developer hackathons: Open the system up to their Hadoop developers as a sandbox, enabling innovation, discovery and competitive advantage – without risk Use Case: Health Care Insurance Company Need •  Utilized the massive un-tapped data sets for analysis that were hampered by compliance and risk •  Integrated HP SecureData in Sqoop so data is de-identified as it is copied from databases •  Ability to initially scale to 1000 Hadoop nodes •  Currently investigating the use of HP SecureData enterprise wide for open systems and mainframe platforms •  Enabling innovation through data access without risk with HIPAA/HITECH regulated data sets
  • 21. © Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Use Case: Global Telecommunications Leader. Protecting PII Throughout Large Scale Legacy and New Applications. Need: • Protect 26 data types constituting PII, 500 Apps, mainframe, Teradata, Windows, Unix • Secure data types regardless of platform • Support wide variety of platforms including mainframe, open systems and big data platforms • Reduce costs of having to protect data in each app and each database. Solution: • HP SecureData with HP Format-Preserving Encryption applied to hundreds of apps and databases • Preservation of data formats and relationships • Native support for z/OS, Teradata, Hadoop and Open Systems. Results: • Created SaaS, leveraged company-wide • Protected 26 data types in over 700 applications • Solution management required less than 1 FTE
  • 22. HP Security Voltage, a Leader in Data-Centric Security safeguarding data throughout its entire lifecycle – at rest, in motion, in use – across big data, cloud, on-premise and mobile environments with continuous protection www.voltage.com/hadoop
  • 23. Questions?
  • 24. Thank you
  • 25. Perceptions & Questions Analyst: Robin Bloor
  • 27. The Sorry Truth: Security was never engineered into IT systems. It was always an afterthought. So it is with Hadoop.
  • 28. Windows of Opportunity… • The “security surface” that needs protection is always growing • Security solutions tend to be fragmented • The value targets are health and credit card data • Big data is just another opportunity for the cyber thief – only bigger
  • 31. Hadoop Security • Hadoop presents a wide area of vulnerability • Role-based access is required (for self-service) • Encryption is probably a necessity • Format-preserving encryption is preferable
  • 32. The Net Net: IT security is STRATEGIC. Encryption is a primary plank of this.
  • 33. • How “inconvenient” is HP Voltage Security? Please describe an implementation. What does the user experience? • Security often comes with performance penalties. What is the performance cost of HP Security Voltage? • Security needs to be integrated, so encryption needs to shake hands with authentication. How does this work with HP Voltage? • Costs?
  • 34. • Are there any environments to which HP Security Voltage’s technology is inapplicable: OLTP, Data Streaming & Streaming Analytics, BI, Mobile, Cloud,… • Which platforms/environments are supported? • Which other security vendors/technologies does HP partner with for data center solutions?
  • 36. Upcoming Topics www.insideanalysis.com September: HADOOP 2.0 October: DATA MANAGEMENT November: ANALYTICS
  • 37. THANK YOU for your ATTENTION! Some images provided courtesy of Wikimedia Commons