Sqrrl May Webinar: Data-Centric Security
This webinar discusses the dissolution of the "trusted zone" and shares insights on how you can build secure applications on Hadoop by adopting best practices in Data-Centric Security with Sqrrl Enterprise.

Published in Data & Analytics, Technology
Transcript

  • 1. Securely explore your data BULLET-PROOF YOUR BIG APPS WITH DATA-CENTRIC SECURITY Joe Travaglini, Director of Product Marketing May 27, 2014
  • 2. OUTLINE
      • The Context
      • Stakes of security in Big Data
      • Breakdown of the “Trusted Zone”
      • Data-Centric Security
      • What is it and why should I care?
      • Examples in practice with Sqrrl Enterprise
      • Wrap Up
    © 2014 Sqrrl Data, Inc. | All Rights Reserved
  • 3. SETTING CONTEXT: SOME DIFFICULT REALITIES
  • 4. THERE IS NO SECURE PERIMETER
    The changing face of the “trusted zone”
      • Corporate intranets are dirty
      • Cloud Computing
      • Bring your own device
      • Sophistication of threats: APT / malicious insider
      • Know thy network
      • Embrace the chaos, change the game
  • 5. UPPING THE ANTE
    Big Data amplifies the stakes of security
      • The “Big Promise” – keep everything, mine it, strike gold
      • Consolidating data means compounding risk
      • Traditional protection is insufficient
      • Breach events have larger blast radius
      • We can’t protect data, why not let it protect itself?
  • 6. THE IMPORTANCE OF DATA-CENTRIC SECURITY
  • 7. DCS REFERENCE ARCHITECTURE
    Things to consider when protecting data
  • 8. REFERENCE IMPLEMENTATION
    How Sqrrl manifests Data-Centric Security
  • 9. ACCUMULO DATUM RECORD
    Example Accumulo Row
    Visibility Labels, BigTable style
  • 10. SQRRL DATUM RECORD
    Example Nested Sqrrl Document
    Visibility Labels, Sqrrl style
  • 11. SQRRL LABELING ENGINE
    Rule-based assignment of labels to data

    Input document:

        {
          "message-id" : "129434",
          "message" : {
            "from" : "Dr. Bob Doctor <drbob@example.com>",
            "subject" : "Test Results",
            "importance" : 10,
            "body" : "Everything came back OK.\n\nI will see you in the office on Friday."
          }
        }

    Labeling rule:

        APPLY veryimportant to //mailbox/messages[**]/message WHERE CHILD importance >= 10

    Labeled document:

        {
          "message-id" : "129434",
          "message@[veryimportant]" : {
            "from" : "Dr. Bob Doctor <drbob@example.com>",
            "subject" : "Test Results",
            "importance" : 10,
            "body" : "Everything came back OK.\n\nI will see you in the office on Friday."
          }
        }
  • 12. ENCRYPTION CAPABILITIES
      • Encryption at rest
      • Encryption in motion
      • Pluggable Encryption
  • 13. ENCRYPTION AT REST
  • 14. ENCRYPTION IN MOTION
    Sqrrl Enterprise was never vulnerable to Heartbleed
      • Encrypt all network traffic with SSL
      • Sqrrl client to Sqrrl server
      • Sqrrl server to Accumulo server
      • Accumulo server to Accumulo server
  • 15. CRYPTO CONTRIBUTIONS
    Sqrrl contributed each to open-source Accumulo
      • ACCUMULO-958: Pluggable encryption to Write-Ahead Logs
      • ACCUMULO-980: Pluggable encryption to RFiles
      • ACCUMULO-1009: Encryption in motion
  • 16. SECURE SEARCH
    Preserving data security in search indexes
      • Search can be a source of leakage
      • Revealing existence of data elements, names…
      • …or worse, more information
      • Indexes are data too
      • Protections should mirror underlying data
    Sqrrl Enterprise is the only Big Data Solution with term-level security on search indexes
  • 17. SQRRL AUDIT
    Immutable history for compliance purposes
      • Records every client action against system
      • Provides info on request, security operations attempted
      • Stored securely to prevent tampering
  • 18. WRAPPING UP
  • 19. RECAP
      • Changing technology landscape
      • Perimeter controls not keeping pace
      • Big Data security is hard
      • Technology velocity, data gravity
      • Unknown unknowns
      • Adopt Data-Centric Security principles for best chances at success
      • (Sqrrl has them)
  • 20. NARROWING THE BOUNDARY
    © 2013 Sqrrl | All Rights Reserved | Proprietary and Confidential
  • 21. NARROWING THE BOUNDARY
  • 22. TOWARDS THE FUTURE
  • 23. DCS MATURITY CHART
    Sqrrl leads the NoSQL pack
    Apache HBase Apache Accumulo Datastax Enterprise MongoDB Enterprise Sqrrl Enterprise Secure Full-Text Search Non-secure Non-secure ✔ Secure Graph Search ✔ Cell-Level Security ✔ ✔ Not robust ✔ Labeling + Policy Engines ✔ Native Encryption At rest ✔ ✔ In motion, client-server only ✔ ABAC ✔ Audit 3rd Party ✔ Unauthorized only ✔
  • 24. THANKS!
    Follow us to keep up with the latest
      • Brought to you by: Sqrrl Data, Inc., info@sqrrl.com, @SqrrlData, http://www.sqrrl.com
      • Presented by: Joe Travaglini, jtrav@sqrrl.com, @joe_travaglini, http://www.linkedin.com/in/jtrav
  • 25. Q&A
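
An added example, not part of the original slides and not Sqrrl's code: a minimal Python model of the slide 11 labeling rule, together with the read-time filtering and label-aware search index that slides 9, 10 and 16 describe. The `field@[label]` key convention comes from the slide; the function names, the single-label authorization check (no boolean visibility expressions) and the in-memory index are assumptions made for illustration.

```python
import re

# Constructed sample: the unlabeled message document shown on slide 11.
DOC = {
    "message-id": "129434",
    "message": {
        "from": "Dr. Bob Doctor <drbob@example.com>",
        "subject": "Test Results",
        "importance": 10,
        "body": "Everything came back OK.\n\nI will see you in the office on Friday.",
    },
}
LABELED_KEY = re.compile(r"^(?P<name>.+)@\[(?P<label>[^\]]+)\]$")

def apply_label(doc, field, label, predicate):
    """Write path: rename `field` to `field@[label]` when predicate(children) holds."""
    return {(f"{k}@[{label}]" if k == field and isinstance(v, dict) and predicate(v) else k): v
            for k, v in doc.items()}

def visible_view(doc, auths):
    """Read path: drop labeled fields the reader lacks, strip the suffix from the rest."""
    out = {}
    for key, value in doc.items():
        m = LABELED_KEY.match(key)
        if m and m.group("label") not in auths:
            continue  # fail closed: no authorization, no field
        name = m.group("name") if m else key
        out[name] = visible_view(value, auths) if isinstance(value, dict) else value
    return out

def index_terms(doc, label=None, index=None):
    """Build term -> {labels}; each posting inherits the label of its enclosing field."""
    index = {} if index is None else index
    for key, value in doc.items():
        m = LABELED_KEY.match(key)
        inherited = m.group("label") if m else label
        if isinstance(value, dict):
            index_terms(value, inherited, index)
        else:
            for term in re.findall(r"\w+", str(value).lower()):
                index.setdefault(term, set()).add(inherited)
    return index

def search(index, term, auths):
    """A term 'exists' for a reader only if some posting is unlabeled or authorized."""
    return any(l is None or l in auths for l in index.get(term.lower(), ()))

# Hypothetical stand-in for the slide's rule: WHERE CHILD importance >= 10
LABELED = apply_label(DOC, "message", "veryimportant", lambda m: m.get("importance", 0) >= 10)
INDEX = index_terms(LABELED)
```

A reader without the `veryimportant` authorization gets only `message-id` back from `visible_view`, and `search` reports the term "results" as absent, so the index does not reveal that the labeled message exists.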