C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood


As adoption of NoSQL solutions like Apache Cassandra grows, so too does the likelihood that organizations will use them to capture and analyze sensitive data. Enterprises that don't take every precaution to protect this data leave themselves exposed to the risk of a data breach and, depending on the regulatory nature of the data, fines for noncompliance. This session will discuss how transparent data encryption and advanced key management protect data at rest and in flight, so that regardless of where the data resides, either on premises or in the cloud, it remains garbled and unreadable to all people, processes and applications that don't require immediate access. The session will also cover DevOps automation tools that ensure rapid distributed deployment of big data security across thousands of nodes.

Published in: Technology, Business

  1. 1. Lock it Up: Securing Sensitive Data
     Sam Heywood, vice president of marketing, Gazzang
  2. 2. Apache Cassandra Benefits
     * Flexibility
     * Scalability
     * Performance
     * Manage massive volumes of structured and unstructured data
  4. 4. Datasets Our Customers are Managing with Cassandra
     * Personally identifiable information
     * Insurance claim details
     * Genomics research data
     * Customer profile data
     * Medical treatment histories
     * Confidential financial records
     * Student records
     * DRM data
     * Social media credentials
     * GPS location data
  9. 9. Why Should You Protect this Data?
  10. 10. Breaches Hit Every Industry
  11. 11. Breaches are Expensive
     * The average cost of a data breach in the US is $5.5 million
     * In March, the U.S. Department of HHS and BCBS of Tennessee settled for $1.5 million for potential HIPAA violations
       • 1 million individuals' records were breached off unencrypted hard drives
       • Stronger HIPAA rules increase fines for non-compliance
  12. 12. Most Importantly…
     It’s the Right Thing To Do For Your Customers
  13. 13. What We Hear From Our Customers
     * “I need to protect sensitive data in my cloud”
       • Ensure sensitive data and encryption keys are never stored in plain text or exposed publicly
       • Maintain control of your encryption keys and your regulatory data to ensure compliance
     * “Help me secure my big data infrastructure”
       • Harden Big Data infrastructures that have weak security and no cryptographic protection
       • Maintain Big Data performance and availability
  14. 14. What We Hear From Our Customers
     * “I need to maintain control of my keys”
       • Manage the rapid growth of key, certificate, token, and object proliferation caused by cloud/Big Data adoption
       • Consolidate IT security objects and bring them under a consistent set of controls and policies
     * “My cloud provider should not have access to my data”
       • Deploy multi-factor authentication in the cloud
       • Establish and enforce robust access controls for sensitive objects
  15. 15. The Gazzang Solution Suite
     * zNcrypt™
       • Provides transparent data encryption to secure Big Data (NoSQL and SQL open source platforms) in the cloud or on premises.
     * zTrustee™
       • A software only “virtual HSM” to manage and secure ANY opaque IT object. Policy-driven vault for securing and managing an organization’s most important IT security items (cryptographic keys, tokens, certificates, configs, and more).
     * zOps™
       • A single, unified console for monitoring Gazzang actions and their impact on the “Big Data stack” (security threats, cloud integrity, IO, performance, machine behavior and more).
  16. 16. Gazzang File Level Encryption
     zNcrypt sits between the file system and any database, application or service running on Linux to encrypt data before it is written to the disk.
       • AES-256 encryption
       • Process-based ACLs
       • Multiple encrypted mount points
       • Requires no changes to app, data or storage
       • Enterprise scalability
       • Packaged support for Cassandra, Hadoop, MongoDB, MySQL, PostgreSQL, Riak
  17. 17. Gazzang zTrustee™ - Controlling Authentication Objects
     Securing “opaque objects” with policy management and adaptive “trustee” authorization capabilities
       • Trustee votes
       • Time to live
       • Retrieval limits
       • Single-use URL
       • Client permissions
     Trustees must approve release of objects in accordance with the deposit policy
     API Library
       • Java
       • Python
       • C library
  18. 18. Ease of Deployment
     * Install zNcrypt
       • Package managers (yum, apt-get) and Chef
     * Create master encryption key
       • Passphrase method (optional “split security”)
       • RSA Key file method
     * Create ACLs
       • Simple command-lines (ALLOW/DENY style)
       • Almost any process or script allowed:
       • Virtually any application, process or script: Apache, Tomcat, MongoDB, MySQL, backup software, document management, etc.
     * Encrypt data
       • Simple command line calls, down to the file level
  19. 19. Chef – Opscode Community
  20. 20. zNcrypt Cookbook Source on GitHub
     https://github.com/gazzang/cookbooks/tree/master/zncrypt
  21. 21. About Gazzang
     * Headquartered in Austin, TX
     * Focused on high-performance data encryption and key management
     * Specialize in securing cloud and big data environments: Apache Cassandra and Hadoop
     * Serve a variety of verticals: Health care, retail, government, education, IT
  22. 22. Thank You
     * Visit www.gazzang.com/csummitsf
       • Take our survey for a chance to win a $200 Amex
       • Download our “Securing Cassandra” white paper
       • Watch the Gazzang-DataStax security webinar
       • Stop by our booth for a chance to win a GoPro camera
     * Email sales@gazzang.com to set up a demo
  23. 23. THANK YOU
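
The release controls listed on slide 17 (trustee votes, time to live, retrieval limits, client permissions) can be read as a deny-by-default gate in front of a stored key. The sketch below is an added example, not Gazzang code or the zTrustee API; the `Deposit` class, its field names, the order of the checks and the sample identities are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Deposit:
    """Hypothetical model of a deposited object and its release policy."""
    secret: bytes
    trustees: frozenset         # identities whose votes count
    votes_required: int         # trustee votes needed before release
    expires_at: float           # time to live, as an absolute epoch time
    max_retrievals: int         # retrieval limit (a limit of 1 acts as single-use)
    allowed_clients: frozenset  # client permissions
    approvals: set = field(default_factory=set)
    retrievals: int = 0

    def vote(self, trustee):
        # Votes from non-trustees are rejected; repeat votes collapse in the set.
        if trustee not in self.trustees:
            raise PermissionError("not a trustee")
        self.approvals.add(trustee)

    def retrieve(self, client, now):
        # Deny by default: every control must pass before the object is released.
        if client not in self.allowed_clients:
            raise PermissionError("client not permitted")
        if now >= self.expires_at:
            raise PermissionError("deposit expired")
        if self.retrievals >= self.max_retrievals:
            raise PermissionError("retrieval limit reached")
        if len(self.approvals) < self.votes_required:
            raise PermissionError("not enough trustee approvals")
        self.retrievals += 1
        return self.secret

def try_retrieve(deposit, client, now):
    """Return (released, reason) so each decision can be written to an audit log."""
    try:
        deposit.retrieve(client, now)
        return True, "released"
    except PermissionError as exc:
        return False, str(exc)

if __name__ == "__main__":
    # Constructed sample: a key needing 2 of 3 trustee approvals, one retrieval.
    key = Deposit(b"\x00" * 32, frozenset({"alice", "bob", "carol"}), 2,
                  expires_at=1000.0, max_retrievals=1,
                  allowed_clients=frozenset({"cassandra-node-1"}))
    print(try_retrieve(key, "cassandra-node-1", now=10.0))  # refused: no votes yet
    key.vote("alice"); key.vote("bob")
    print(try_retrieve(key, "cassandra-node-1", now=11.0))  # released
    print(try_retrieve(key, "cassandra-node-1", now=12.0))  # refused: limit reached
```
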
