Big Data Security
Facing the challenge
Experience the presentation
xlic.es/v/E98605
© Stratio 2017. Confidential, All Rights Reserved. 3
About me
• Father of a 5 year old child
• Technical leader in Architecture and Security team at Stratio
• Sailing skipper
In your opinion, how difficult is it to manage security in your projects?
● Very difficult
● Difficult
● Easy
● Very Easy
● What is security?
PROJECTS FOREVER ONGOING IN BIG COMPANIES
• DATA GOVERNANCE
• LOGS CENTRALIZATION
• MONITORING
• SECURITY
• DATA SECURITY AUDIT
In a monolithic, application-centric IT landscape with data silos, these initiatives never get accomplished.
HUNDREDS OF MILLIONS OF EUROS SPENT OVER THE YEARS ON GLOBAL IT CROSS-INITIATIVES
[Diagram: application silos of a typical group: SAS, CRM, Earnix (Pricing), Towers Watson, ERP, Data Warehouse, Lab H0 (Big Data platform shared by the group), WebFocus, Oracle, Mainframe]
GREYHOUND CHASING THE ELECTRONIC RABBIT…
COMPANIES ALWAYS TRY TO GET THE RABBIT
In an application-centric company with data silos you will never be able to achieve those projects successfully.
STRUCTURAL INITIATIVES ARE SOLVED COMPLETELY WITH A DATA-CENTRIC APPROACH
[Diagram: DaaS (data as a service) layer, Data layer and Data Intelligence layer; DATA GOVERNANCE, LOGS CENTRALIZATION, MONITORING, SECURITY and DATA SECURITY AUDIT appear as functionalities implemented in the product]
RABBIT IN JAIL: MINIMUM EFFORT AND COST TO GET THE RABBIT
Facing the challenge
SECURITY IN A DATA-CENTRIC PLATFORM
Protect the data
• Perimeter security to access the cluster.
• Support for identity management and authentication, to prove that a user/service is who it claims to be.
• In a multi-data-store platform, ACLs should be centralized to simplify correct authorization across the different data stores.
• Audit events must be centralized to control misuse of the cluster in real time.
• Data integrity and confidentiality in network communications, to protect data in transit.
Protect the service
• Perimeter security to access the cluster.
• Support for identity management and authentication, to prove that a user/service is who it claims to be.
• A user/service should be authorized so that it cannot use more resources than expected.
• A user/service should not be able to interfere with other users/services when there is no need for it.
• Resource usage should be audited in order to control it.
SECURITY OVERVIEW
In order to guide the security priorities in the product roadmap, we are focused on helping to comply with LOPD (the Spanish data protection law) within the platform.
With every release of the Stratio platform, the security status is reported through:
● Results of the OWASP tests for the main components of the platform.
● Results of additional general-purpose security tests defined to assure the expected quality.
● A Security Risk Report that includes the known issues found.
● When Critical and High issues are found:
○ We explain how they can be mitigated.
○ We plan to solve them during the next release.
PERIMETER SECURITY: NETWORKING
[Diagram: Public network with Public Agents; Private network with Private Agents; Admin network with Admin Router and Master Nodes]
• The default network configuration allows a zone-based network security design:
○ Public.
○ Admin.
○ Private.
• Using Mesos roles to identify nodes ensures that only tasks specifically configured with this role will be executed outside the Private zone.
• Using Marathon labels, endpoints can be registered dynamically:
○ Admin Router for the Admin zone.
○ Marathon LB for the Public zone.
AUTHENTICATION, AUTHORIZATION AND AUDIT
The solution is integrated with the LDAP and Kerberos owned by the company where Stratio DCS is installed.
• Authentication:
○ Web: OAuth2.
○ Services & Data Stores: Kerberos or mutual TLS.
• Authorization:
○ OAuth2.
○ goSec Management: REST API and website used to manage roles, profiles and ACLs. It also shows users, groups and audit data.
• Audit:
○ Authentication and authorization events are structured and stored in a data bus (Kafka) so that they can be collected and processed.
AUTHENTICATION, AUTHORIZATION AND AUDIT
Plugins are lightweight programs running within the processes of each cluster component. They are responsible for:
• Authorization (using goSec ACLs).
• Audit of every request sent to the component.
Currently plugins have been developed for:
• Crossdata
• Sparta
• Zookeeper
• HDFS
• Kafka
• Elasticsearch
KEY MANAGEMENT SYSTEM
• It is good practice to manage secrets through a key management system instead of storing them locally.
• For this purpose Stratio DCS uses HashiCorp Vault.
KEY MANAGEMENT SYSTEM: THE SECRET OF SECRETS
• Can applications obtain tokens in a secure way?
• Where do applications save Vault's tokens?
• How are tokens guarded?
• How will I know if someone steals tokens?
[Diagram, built up over several slides: the Admin performs the first secret management against Mesos/Marathon; Marathon runs the Application with a one-time secret in its environment ("Run Application, Env: one time secret"); the Application uses that one-time secret to log in to Vault and receives a token bound to an ACL ("token <-> ACL"); login events are logged and alerted on ("Logs / Alert").]
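The one-time-secret flow above, as an added runnable simulation that is not Stratio's or Vault's code: the KMS class, the VAULT_ONE_TIME_SECRET variable name and the helper names are assumptions. It shows the secret being consumed on first login and a second use of the same secret raising the alert that the last question asks for.

```python
"""One-time-secret bootstrap from the KMS slides, as a runnable simulation.

Constructed example: the KMS class is a stand-in for Vault and uses none of
Vault's real API; the names (KMS, issue_one_time_secret, login, authorize,
launch_application, application_startup, VAULT_ONE_TIME_SECRET) are
assumptions for illustration.
"""
import secrets
import time
from dataclasses import dataclass


@dataclass
class AuditEvent:
    ts: float
    actor: str
    action: str
    outcome: str
    detail: str = ""


class KMS:
    """Minimal key management system: issues one-time secrets, exchanges them
    for tokens bound to an ACL, and audits every call."""

    def __init__(self):
        self._one_time = {}   # one-time secret -> {"app", "acl", "used"}
        self._tokens = {}     # token -> {"app", "acl"}
        self.audit = []

    def _log(self, actor, action, outcome, detail=""):
        self.audit.append(AuditEvent(time.time(), actor, action, outcome, detail))

    def issue_one_time_secret(self, app, acl):
        """'First secret management': the admin obtains a one-time secret
        bound to the ACL the application should end up with."""
        ots = secrets.token_urlsafe(32)
        self._one_time[ots] = {"app": app, "acl": frozenset(acl), "used": False}
        self._log("admin", "issue_one_time_secret", "ok", app)
        return ots

    def login(self, one_time_secret):
        """'login': exchange the one-time secret for a token. The secret is
        consumed on first use; any later use is logged as an alert, which is
        how a copied or stolen secret becomes visible."""
        entry = self._one_time.get(one_time_secret)
        if entry is None:
            self._log("unknown", "login", "denied", "unknown one-time secret")
            raise PermissionError("unknown one-time secret")
        if entry["used"]:
            self._log(entry["app"], "login", "ALERT", "one-time secret reused")
            raise PermissionError("one-time secret already consumed")
        entry["used"] = True
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {"app": entry["app"], "acl": entry["acl"]}
        self._log(entry["app"], "login", "ok", "token issued")
        return token

    def authorize(self, token, secret_path):
        """'token <-> ACL': each later request is decided by the ACL bound to
        the token, never by the caller's claimed identity."""
        entry = self._tokens.get(token)
        allowed = entry is not None and secret_path in entry["acl"]
        self._log(entry["app"] if entry else "unknown", "read_secret",
                  "ok" if allowed else "denied", secret_path)
        return allowed

    def alerts(self):
        return [e for e in self.audit if e.outcome == "ALERT"]


def launch_application(kms, app, acl, env):
    """'Run Application, Env: one time secret': Marathon injects the one-time
    secret into the task environment; the long-lived token never leaves the KMS."""
    env = dict(env)
    env["VAULT_ONE_TIME_SECRET"] = kms.issue_one_time_secret(app, acl)
    return env


def application_startup(kms, env):
    """The application consumes the one-time secret at startup and keeps only
    the resulting token in process memory; nothing is written to disk."""
    one_time_secret = env.pop("VAULT_ONE_TIME_SECRET")
    return kms.login(one_time_secret)


if __name__ == "__main__":
    kms = KMS()
    env = launch_application(kms, "app1", {"secret/postgres"}, {})
    token = application_startup(kms, env)
    print("postgres:", kms.authorize(token, "secret/postgres"))
    print("kafka:", kms.authorize(token, "secret/kafka"))
```

In Vault itself this pattern is response wrapping: a wrapping token can be unwrapped exactly once, so an application whose unwrap fails knows its secret was consumed by someone else before it started.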
DATA PROCESSING ENGINE: SPARK
• Spark jobs need access to multiple data stores, so Spark must support the security model of Stratio DCS.
• The Spark 2.x build has been modified by Stratio in order to:
○ Access secrets that are stored in the KMS.
○ Allow access to Kerberized HDFS.
○ Allow access to PostgreSQL with TLS authentication.
○ Allow access to Elasticsearch with TLS authentication.
○ Allow access to Kafka with TLS authentication.
PROTECT THE DATA
- use case -
[Diagram, built up over several slides, walking an Admin request through: perimeter security; authentication, authorization and audit; ciphered communications]
MULTI-TENANCY CAPABILITIES: RESOURCES ISOLATION
• Stratio DCS cluster resources (memory, disk, CPUs and port ranges) are managed by Mesos.
• Mesos, Marathon and Metronome security can be activated post-installation in order to limit the use of the available resources by each framework.
• Once it is activated, admins will be able to:
○ Reserve resources for a Mesos role.
○ Grant permissions for each user/framework to perform actions such as registering frameworks, running tasks, reserving resources, creating volumes, etc.
○ Grant a minimum set of resources to a specific Mesos role.
[Diagram: a Mesos cluster with a MASTER running Marathon and five agents: AGENT 1 role=slave_public, AGENT 2 role=*, AGENT 3 role=postgresql, AGENT 4 role=*, AGENT 5 role=*]
MULTI-TENANCY CAPABILITIES: NETWORKS ISOLATION
• What about network isolation in the containerized world?
• For this purpose Stratio DCS uses Project Calico.
• Virtual network topologies can be created dynamically.
• Virtual network topologies can be managed by network policies.
• Virtual networks can handle all Mesos-supported containerization technologies.
• Virtual networks barely impact big data performance.
• Frameworks/apps are authorized into a network.
• Frameworks/apps can be isolated into a virtual network.
• Frameworks/apps IP addresses and ports are managed per instance.
[Diagrams: Network Isolation components; Network Isolation Virtual Networks; Network Isolation Integration]
PROTECT THE SERVICE
- use case -
[Diagram, built up over several slides: the Admin sets the policy ("At least 1 core, 1GB to framework 1"; "net_2: Deny from framework 1"); then one User launches FRAMEWORK 1 ("2. Launches FRAMEWORK 1") and another User launches FRAMEWORK 2 ("2. Launches FRAMEWORK 2"), and each launch passes through the checks below]
Framework authentication
Check resources for the role
Authorization to launch tasks
Authorization to use the network
Audit (logs and Mesos API)
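The use case above as an added policy walkthrough in Python, constructed for this page and not the Mesos, Marathon or Calico API: Cluster, Resources, scenario and the credential values are assumed names; the policy values are the slide's own, at least 1 core and 1 GB for framework 1 and net_2 denying framework 1.

```python
"""Protect-the-service use case as a policy walkthrough.

Constructed example: Cluster, Resources and their methods are this page's
illustration, not the Mesos, Marathon or Calico API. The only values taken
from the slides are the policy itself: framework 1 is guaranteed at least
1 core and 1 GB, and network net_2 denies framework 1.
"""
import hmac
from dataclasses import dataclass, field


@dataclass
class Resources:
    cpus: float
    mem_mb: int

    def covers(self, want):
        return self.cpus >= want.cpus and self.mem_mb >= want.mem_mb

    def take(self, want):
        self.cpus -= want.cpus
        self.mem_mb -= want.mem_mb


@dataclass
class Cluster:
    credentials: dict          # principal -> shared secret (framework authentication)
    reservations: dict         # role -> Resources still reserved for that role
    unreserved: Resources      # the "*" pool every role may draw from
    acls: dict                 # principal -> set of actions it is allowed to perform
    network_deny: dict         # network -> set of principals denied on that network
    audit: list = field(default_factory=list)

    def _log(self, principal, step, outcome, detail=""):
        # Step 5: every decision is recorded as a structured audit event.
        self.audit.append({"principal": principal, "step": step,
                           "outcome": outcome, "detail": detail})

    def _pool_for(self, role, want):
        """Pick the pool a request would be served from: the role's own
        reservation first, then the unreserved pool. Another role's
        reservation is never a candidate; that is what the guarantee means."""
        reserved = self.reservations.get(role)
        if reserved is not None and reserved.covers(want):
            return "reserved", reserved
        if self.unreserved.covers(want):
            return "unreserved", self.unreserved
        return None, None

    def launch(self, principal, secret, role, want, network):
        """Run the checks of the use case in slide order; True only if all pass.
        Resources are committed only after every check has succeeded."""
        # 1. Framework authentication, constant-time secret comparison.
        if not hmac.compare_digest(self.credentials.get(principal, ""), secret):
            self._log(principal, "authenticate", "denied")
            return False
        self._log(principal, "authenticate", "ok")
        # 2. Check resources for the role.
        source, pool = self._pool_for(role, want)
        if pool is None:
            self._log(principal, "resources", "denied", f"no pool covers {want}")
            return False
        self._log(principal, "resources", "ok", source)
        # 3. Authorization to launch tasks.
        if "run_tasks" not in self.acls.get(principal, set()):
            self._log(principal, "run_tasks", "denied")
            return False
        self._log(principal, "run_tasks", "ok")
        # 4. Authorization to use the network (deny policy on the virtual network).
        if principal in self.network_deny.get(network, set()):
            self._log(principal, "network", "denied", network)
            return False
        self._log(principal, "network", "ok", network)
        pool.take(want)
        self._log(principal, "launch", "ok",
                  f"{want.cpus} cpus, {want.mem_mb} MB from {source}")
        return True


def scenario():
    """Two users launch framework 1 and framework 2 against the slide policy."""
    cluster = Cluster(
        credentials={"framework1": "secret-1", "framework2": "secret-2"},  # constructed
        reservations={"role_fw1": Resources(1, 1024)},   # at least 1 core, 1 GB to framework 1
        unreserved=Resources(2, 2048),
        acls={"framework1": {"run_tasks"}, "framework2": {"run_tasks"}},
        network_deny={"net_2": {"framework1"}},          # net_2: deny from framework 1
    )
    results = {
        "fw2_bad_secret": cluster.launch("framework2", "wrong", "*", Resources(1, 512), "net_1"),
        "fw2_drains_pool": cluster.launch("framework2", "secret-2", "*", Resources(2, 2048), "net_1"),
        "fw1_on_net_2": cluster.launch("framework1", "secret-1", "role_fw1", Resources(1, 1024), "net_2"),
        "fw1_on_net_1": cluster.launch("framework1", "secret-1", "role_fw1", Resources(1, 1024), "net_1"),
        "fw2_after_pool_empty": cluster.launch("framework2", "secret-2", "*", Resources(1, 512), "net_1"),
    }
    return results, cluster.audit


if __name__ == "__main__":
    results, audit = scenario()
    for name, ok in results.items():
        print(f"{name}: {'allowed' if ok else 'denied'}")
    for event in audit:
        print(event)
```

Framework 1 still gets its core and gigabyte after framework 2 has drained the unreserved pool, and the audit trail shows which check stopped each denied launch.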
MULTI-DATA CENTER
- a use case -
Big Data security: Facing the challenge by Carlos Gómez at Big Data Spain 2017
Partners Life - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 

Big Data security: Facing the challenge by Carlos Gómez at Big Data Spain 2017

  • 2. Big Data Security: Facing the challenge
  • 4. © Stratio 2017. Confidential, All Rights Reserved. About me
    • Father of a 5 year old child
    • Technical leader in Architecture and Security team at Stratio
    • Sailing skipper
  • 5. In your opinion, how difficult is it to manage security in your projects?
    ● Very difficult
    ● Difficult
    ● Easy
    ● Very Easy
    ● What is security?
  • 6. PROJECTS FOR EVER ONGOING IN BIG COMPANIES: DATA GOVERNANCE, LOGS CENTRALIZATION, MONITORING, SECURITY, DATA SECURITY AUDIT
    In a monolithic, application-centric IT with data silos these initiatives never get accomplished.
    HUNDREDS OF MILLIONS OF EUROS SPENT OVER THE YEARS IN GLOBAL IT CROSS INITIATIVES
    Systems in the diagram: SAS, CRM, Earnix (Pricing), Towers Watson, ERP, Data Warehouse, Lab H0 (Big Data platform shared by the group), WebFocus, Oracle, Mainframe
  • 7. PROJECTS FOR EVER ONGOING IN BIG COMPANIES: DATA GOVERNANCE, LOGS CENTRALIZATION, MONITORING, DATA SECURITY, AUDIT (numbered 1 to 5 in the diagram)
  • 10. GREYHOUND CHASING ELECTRONIC RABBIT… COMPANIES ALWAYS TRY TO GET THE RABBIT
    In an application-centric company with data silos you will never be able to achieve those projects successfully.
    DATA GOVERNANCE, LOGS CENTRALIZATION, MONITORING, SECURITY, DATA SECURITY AUDIT
  • 11. STRUCTURAL INITIATIVES ARE SOLVED COMPLETELY WITH DATA CENTRIC
    DaaS (data as a service): Data, Data Intelligence
    DATA GOVERNANCE, LOGS CENTRALIZATION, MONITORING, SECURITY, DATA SECURITY AUDIT
    Functionalities implemented in the product
  • 12. RABBIT IN A JAIL: MINIMUM EFFORT AND COST TO GET THE RABBIT
  • 14. SECURITY IN A DATA CENTRIC
    Protect the data
    • Perimeter security to access the cluster.
    • Support identity management and authentication to prove that a user/service is who it claims to be.
    • In a multi-data store platform, ACLs should be centralized to simplify correct authorization across the different data stores.
    • Audit events must be centralized to control misuse of the cluster in real time.
    • Data integrity and confidentiality in network communications to protect data in transit.
    Protect the service
    • Perimeter security to access the cluster.
    • Support identity management and authentication to prove that a user/service is who it claims to be.
    • A user/service should be authorized so that it does not use more resources than expected.
    • A user/service should not interfere with other users/services when it is not needed.
    • The use of resources should be audited so that it can be controlled.
  • 15. VAULT
  • 20. SECURITY OVERVIEW
    In order to guide the security priorities in the product roadmap, we are focused on helping to comply with LOPD (the Spanish data protection law) within the platform.
    In every release of the Stratio platform, the security status is notified through:
    ● Results of the OWASP tests for the main components of the platform.
    ● Results of additional general-purpose security tests defined to assure the expected quality.
    ● Security Risk Report that includes the known issues found.
    ● When Critical and High issues are found:
      ○ We explain how they can be mitigated.
      ○ We plan to solve them during the next release.
  • 21. PERIMETER SECURITY: NETWORKING
    Diagram: Public Network; Private network (Private Agents); Admin network (Admin Router, Master Nodes); Public Agents.
    • The default network configuration allows a zone-based network security design: Public, Admin, Private.
    • Using Mesos roles to identify nodes ensures that only tasks specifically configured with this role will be executed outside the Private zone.
    • Using Marathon labels, endpoints can be registered dynamically: Admin Router for the Admin zone, Marathon LB for the Public zone.
  • 22. AUTHENTICATION, AUTHORIZATION AND AUDIT
    The solution is integrated with the LDAP and Kerberos owned by the company where Stratio DCS is installed.
    • Authentication: Web: OAuth2. Services & Data Stores: Kerberos or mutual TLS.
    • Authorization: OAuth2. goSec Management: REST API and website used to manage roles, profiles and ACLs. It also shows users, groups and audit data.
    • Audit: authentication and authorization events are structured and stored in a data bus (Kafka) to be computed and collected.
  • 23. AUTHENTICATION, AUTHORIZATION AND AUDIT
    Plugins are lightweight programs running within the processes of each cluster component. They are responsible for:
    • Authorization (using goSec ACLs).
    • Audit of every request sent to the component.
    Currently plugins have been developed for: Crossdata, Sparta, Zookeeper, HDFS, Kafka, Elasticsearch.
  • 24. KEY MANAGEMENT SYSTEM
    • It is a good practice to manage secrets through a key management system instead of storing them locally.
    • For this purpose Stratio DCS uses HashiCorp Vault.
  • 25. KEY MANAGEMENT SYSTEM: the secret of secrets
    • Can applications obtain authentication tokens in a secure way?
    • Where do applications save Vault's tokens?
    • How are tokens protected?
    • How will I know if someone steals tokens?
    Diagram, built up over slides 25 to 31: Admin requests "first secret management" from Mesos/Marathon; Marathon runs the application with a one-time secret in its environment (Env: one time secret); the application logs in with the one-time secret and receives a token bound to an ACL (token <-> ACL); logs of the exchange feed an alert.
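The bootstrap flow on slides 25 to 31 (one-time secret injected by the scheduler, exchanged once for an ACL-bound token, with logs and an alert) is shown below as an added example. It is constructed for this page and is not Stratio or HashiCorp Vault code; it mirrors the single-use shape of Vault's response-wrapping tokens with an in-memory store. The policy name `app1-policy`, the `ONE_TIME_SECRET` environment variable and the `(store, action)` ACL entries are all assumptions. It also answers the slide's last question: a second login with the same one-time secret is rejected and raises an alert, which is how a leaked bootstrap secret becomes visible.

```python
import hashlib
import secrets
import time

# Constructed ACLs: policy name -> allowed (data store, action) pairs.
ACLS = {
    "app1-policy": {("hdfs", "read"), ("kafka", "write")},
}


class SecretManager:
    """Models the 'first secret management' role of the slides: issues
    one-time secrets and exchanges each of them exactly once for a token
    that is bound to a policy (the 'token <-> ACL' step)."""

    def __init__(self, ttl_seconds=60, clock=time.time):
        self._clock = clock
        self._ttl = ttl_seconds
        self._pending = {}  # sha256(one-time secret) -> (policy, expires_at)
        self._tokens = {}   # sha256(token) -> policy
        self.audit = []     # structured events, as the slides' data bus would carry
        self.alerts = []    # events an operator should be paged on

    @staticmethod
    def _digest(value):
        # Only digests are stored, so a dump of this store yields no live credential.
        return hashlib.sha256(value.encode()).hexdigest()

    def issue_one_time_secret(self, policy):
        one_time = secrets.token_urlsafe(32)
        self._pending[self._digest(one_time)] = (policy, self._clock() + self._ttl)
        self.audit.append({"event": "one_time_secret_issued", "policy": policy})
        return one_time

    def login(self, one_time, app_id):
        # pop() makes the secret single-use: a second presentation finds nothing.
        entry = self._pending.pop(self._digest(one_time), None)
        if entry is None:
            # Unknown or already consumed: this is what a replayed bootstrap secret looks like.
            self.alerts.append({"event": "one_time_secret_replay", "app": app_id})
            self.audit.append({"event": "login_denied", "app": app_id, "reason": "unknown_or_used"})
            return None
        policy, expires_at = entry
        if self._clock() > expires_at:
            self.audit.append({"event": "login_denied", "app": app_id, "reason": "expired"})
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = policy
        self.audit.append({"event": "login_ok", "app": app_id, "policy": policy})
        return token

    def authorize(self, token, store, action, app_id):
        policy = self._tokens.get(self._digest(token))
        allowed = policy is not None and (store, action) in ACLS.get(policy, set())
        self.audit.append({"event": "authz", "app": app_id, "store": store,
                           "action": action, "allowed": allowed})
        return allowed


def bootstrap_application(env, manager, app_id):
    """What the launched task does on start: read the one-time secret the
    scheduler injected, remove it from the environment so it does not linger,
    and exchange it for a token that is kept in memory only."""
    one_time = env.pop("ONE_TIME_SECRET", None)
    if one_time is None:
        return None
    return manager.login(one_time, app_id)


def demo():
    mgr = SecretManager()
    # Marathon step: 'Env: one time secret' (constructed environment dict).
    env = {"ONE_TIME_SECRET": mgr.issue_one_time_secret("app1-policy")}
    lingering_copy = env["ONE_TIME_SECRET"]  # a copy that survived outside the task
    token = bootstrap_application(env, mgr, "app1")
    replay = mgr.login(lingering_copy, "unknown-caller")  # rejected and alerted
    return {
        "token_issued": token is not None,
        "env_cleared": "ONE_TIME_SECRET" not in env,
        "replay_rejected": replay is None,
        "alerts": len(mgr.alerts),
        "hdfs_read": mgr.authorize(token, "hdfs", "read", "app1"),
        "hdfs_write": mgr.authorize(token, "hdfs", "write", "app1"),
    }


if __name__ == "__main__":
    print(demo())
```

The detection value sits in `login`: because the secret is consumed on first use, any later presentation of it, whether a retry bug or a leaked environment, lands in `alerts` and in the audit stream, which is the "Logs / Alert" element of the last slide of the build-up.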
  • 32. DATA PROCESSING ENGINE: SPARK
    • Spark jobs need access to multiple data stores, so Spark needs to support the security of Stratio DCS.
    • The Spark 2.x build has been modified by Stratio in order to:
      Access secrets that are stored in the KMS.
      Allow access to Kerberized HDFS.
      Allow access to PostgreSQL with TLS authentication.
      Allow access to Elasticsearch with TLS authentication.
      Allow access to Kafka with TLS authentication.
  • 33. PROTECT THE DATA - use case -
    Diagram steps: Admin; Perimeter security; Authentication, Authorization, Audit; Ciphered communications.
  • 39. MULTI-TENANCY CAPABILITIES: RESOURCES ISOLATION
    • Stratio DCS cluster resources (memory, disk, CPUs and port ranges) are managed by Mesos.
    • Mesos, Marathon and Metronome security can be activated post-installation in order to limit the use of the available resources by each framework.
    • Once it is activated, admins will be able to:
      Reserve resources for a Mesos role.
      Grant permissions for each user/framework to do actions such as register frameworks, run tasks, reserve resources, create volumes, etc.
    • Grant a minimum set of resources to a specific Mesos role.
    Diagram: Mesos Cluster with MASTER (Marathon) and agents AGENT 1 role=slave_public, AGENT 2 role=*, AGENT 3 role=postgresql, AGENT 4 role=*, AGENT 5 role=*.
  • 40. MULTI-TENANCY CAPABILITIES: NETWORKS ISOLATION
    • What about network isolation in the containerized world?
    • For this purpose Stratio DCS uses Project Calico.
  • 41. MULTI-TENANCY CAPABILITIES: NETWORKS ISOLATION
    • Virtual network topologies can be created dynamically.
    • Virtual network topologies can be managed by network policies.
    • Virtual networks can manage all Mesos-supported containerization technologies.
    • Virtual networks barely impact big data performance.
    • Frameworks/apps are authorized into a network.
    • Frameworks/apps can be isolated into a virtual network.
    • Frameworks/apps IP addresses and ports are managed per instance.
  • 45. PROTECT THE SERVICE - use case -
    Diagram steps, built up over slides 45 to 49: Framework authentication; Check resources for the role; Authorization to launch tasks; Authorization to use the network; Audit (logs and Mesos API).
    Admin settings: At least 1 core, 1GB to framework 1. net_2: Deny from framework 1.
    User 2. Launches FRAMEWORK 1. User 2. Launches FRAMEWORK 2.
  • 50. MULTI-DATA CENTER - a use case -