Insurance companies of all sizes are challenged to keep up with emerging technologies that deliver a competitive advantage. Recording: https://www.brighttalk.com/webcast/9573/192877 Big data holds the key to greater customer insight and stronger customer relationships. But risk of sensitive data exposure — and compliance violations — keeps many insurers from pursuing big data initiatives and reaping the rewards of business-driven analytics. Join Dataguise and Hortonworks for this live webinar to learn how you can free your organization from traditional information security constraints and unlock the power of your most valuable business assets. • What do you need to know about PII/PHI privacy before embarking on big data initiatives? • Why do so many big data initiatives fail before they’ve even begun—and what can you do about it? • How can IT security organizations help data scientists extract more business value from their data? • How are leading insurance companies leveraging big data to gain competitive advantage?

1. Page 1 © Hortonworks Inc. 2011 – 2016. All Rights ReservedPage 1 © Hortonworks Inc. 2011 – 2015. All Rights Reserved
Leveraging Big Data for Insurance Insights Without
Putting PII/PHI at Risk
February 25, 2016

2. Page 2 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
Today’s Speakers
Syed Mahmood, Sr. Product Marketing Manager – Hortonworks
smahmood@hortonworks.com
Cindy Maike, GM-Insurance Hortonworks
cmaike@hortonworks.com
Venkat Subramanian, CTO and VP of Engineering – Dataguise
venkat@dataguise.com

3. Page 3 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
Is Sensitive Data (PII/PHI) a challenge
for your company’s analytics & big data
programs?
A. Yes
B. No

4. Page 4 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
If Yes, do you have capabilities in place
to manage sensitive data discovery,
protection and audit?
A. Yes
B. No

5. Page 5 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
Big Data Business Insights
Insurance Opportunities
Data Privacy Protection Requirements
• Regulatory
• Customer Expectations

6. Page 6 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
The Insurance Data Landscape has Changed Dramatically
Customer centric / need
based Insurance Offerings
500GB data per annual
vehicle in UBI programs
Drones will make the
workflow efficient by 2020
Digital becoming consumer / Insured
preferred interaction channel
Growing availability &
usage of geospatial data
Change in Claim frequency &
severity, fraud anomaly analytics

7. Page 7 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
Industry Opportunity
High-performance analytics, or
a combination of structured and
unstructured data, is changing
the ways of the insurance industry
after decades of conservatism.

8. Page 8 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
View of Insurance Industry Data Landscape
BatchReal-time
Datavelocity
Structured Unstructured
Data variety
Semi-structured
Weather-event
Drone image feeds
Social media
Sensor
(GoT)
Geo-location
Deposition recording
Notes and diary
Medical records & bills
Transcriptions
Photos
Investigation
TPA invoices
FNOL intake
Claims triage
Vendor invoices
Forms and
letters
Claim system
Policy verification
Applications/Submissions
3rd party risk models
Prior loss runs

9. Page 9 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
New Opportunities – Security Challenges
Use Cases &
Opportunities
Data Sources
(examples)
New Security Challenges
Know Your Customer Application documents, clickstream and web
logs, marketing research, CRM records, and
social media
• Coverage for multiple file types
and sources
• Critical detection to find and
measure sensitivity risk
Claims Optimization &
Fraud Detection
Policy records, claims databases, receipts,
accident reports, emails, and transcriptions
• Reduce or eliminate PCI scope for
Hadoop
• Detect new sensitivity risks in hard-
to-reach unstructured data
Evaluate Risk / New
Products
Mobile telematics, sensor data, social media,
and voice-to-text files
• High scale
• Large sets of small files
• Detection and protection of
unstructured data
Traditional Documents &
Attachments
Claims data, insured prior loss data, and claims
adjuster notes
• Masking of sensitive data for data
sharing
• Sensitive data auditing
Third-party Data Sharing Reporting bureaus, third-party claims
administrators (TPAs), telematics service
providers (TSPs)
• Tiered access — highly granular
roles with differing needs/views for
sensitive data

10. Hortonworks + Dataguise =
SECURE BUSINESS EXECUTION
CTO, DATAGUISE
VENKAT SUBRAMANIAN

11. Dataguise
enables
Secure
Business
Execu3on
for
data-­‐driven
enterprises
by
delivering
data-­‐centric
security
solu3ons
that
Detect,
Audit,
Protect
and
Monitor
sensi3ve
data
assets
where
they
are
wherever
they
move
across
repositories.
©2015
Contains
confiden3al
and
proprietary
informa3on
and
may
not
be
disclosed
by
the
recipient
to
any
third
party.
11

12. ©2015
Dataguise,
Inc.
Confiden3al
and
Proprietary
Secure Business Execution
The ability of an Enterprise
to safely and responsibly leverage
the value of all of their data assets
for the purpose of
gaining new business insights,
maximizing competitive advantage,
and driving revenue growth
12

13. ©2015
Dataguise,
Inc.
Confiden3al
and
Proprietary
Business
Intelligence
Trend
for
2016
Shi8
from
IT-­‐led,
System-­‐of-­‐record
repor>ng
Pervasive,
Business-­‐led,
self-­‐service
analy>cs
• Easy-­‐to-­‐use,
fast,
agile
BI
&
Analy>cs
• Deeper
Insights
into
diverse
data
sources
**
Rita
Sallam,
Gartner
13

14. ©2015
Dataguise,
Inc.
Confiden3al
and
Proprietary
Data
is
your
biggest
Asset
It
is
also
your
biggest
Vulnerability
14

15. ©2016
Dataguise,
Inc.
Confiden3al
and
Proprietary
DgSecure
15
DETECT
Where
sensi3ve
content
is
present
in
struct/unstruct/
semi-­‐struct
data
AUDIT
Who
has
access
to
which
sensi3ve
data
&
iden3fy
misalignments
and
risk
factors
PROTECT
Sensi3ve
data
at
the
element
level–encrypt/decrypt
with
RBAC,
mask
MONITOR
Based
on
metadata,
track
how
and
where
sensi3ve
data
is
being
accessed
through
a
360°
dashboard
Across
Hadoop,
RDBMS,
Files,
NoSQL
DB
On
Premise,
in
the
Cloud,
or
Hybrid

16. PHI: Guidance for Data De-Identification
Sensitive/Privacy Data
16
• Name
• Address
• Dates – Birth, Death, ..
• Telephone Numbers
• Device Identifiers and serial numbers
• Email addresses
• SSN
• Medical record numbers
• Account Numbers
…..

17. Secure Environment
Perimeter Security, Volume/File encryption
17
• I have strong perimeter security
Physical Security, Firewall, IDS/IPS…
Isn’t that enough?
• I
have
turned
on
volume/file-­‐level
encryp>on
Control
data
access
Mee>ng
regulatory
compliance
Isn’t
this
enough?
Need
BOTH
and
*more!

18. What Should We Do?
18
1. Precisely locate sensitive content across ALL repositories
2. Protect those assets appropriately – masking, encryption
3. Open up ‘controlled’ access to data now that sensitive elements are
protected
4. Enable employees, trusted partners and customers to make data-driven
decisions
RISKS
BREACH
SECURITY
COMPLIANCE
VALUE
REVENUE
DATA
DRIVEN
DECISIONS
BUSINESS
INTELLIGENCE
At the cell-level…

19. ©2015
Dataguise,
Inc.
Confiden3al
and
Proprietary
How do we do it in DgSecure
19

20. Complex Sensitive Data Discovery
20
Sensitive Data Type Sample Data
Address 50920 April Blvd. Apt. 181, Lalana ME 83271
1000 Coney Island Ave. Brooklyn NY 11230
Name George Smith
Smith, A. George
Credit Card Number 3710 664089 10315
345039502030507
3780-331072-30547
Telephone Number (510) 824-1036
510-824-1036
510.814.1036
5108141036

21. Sensitive Data Protection
Masking & Encryption in Hadoop
21
• MASKING
– Obfuscation, one-way operation
– Multiple options in DgSecure – fictitious but realistic values, X’ing out part of the
content….
– Consistent masking to retain statistical distribution of data
• ENCRYPTION
– Encrypted cell/row
– Accessible by authorized users only – Hive, bulk, via App
– Granular protection
• REDACTION
– X’ing out entire sensitive data cell
– Nullifying

22. Masking Data in Hadoop (Cell Level)
22

23. Masking Data in Hadoop (Cell Level)
©2015
Contains
confiden3al
and
proprietary
informa3on
and
may
not
be
disclosed
by
the
recipient
to
any
third
party.
23

24. Masking Data in Hadoop (Cell Level)
©2015
Contains
confiden3al
and
proprietary
informa3on
and
may
not
be
disclosed
by
the
recipient
to
any
third
party.
24

25. Encrypting Data in Hadoop (Cell Level)
25

26. Encrypting Data in Hadoop (Cell Level)
26
26

27. ©2016
Dataguise,
Inc.
Confiden3al
and
Proprietary
Decryption through hive queries
27
User
WITHOUT
access
privileges
on
Names
&
SSN

28. ©2016
Dataguise,
Inc.
Confiden3al
and
Proprietary
Decryption through hive queries
28
User
WITH
access
privileges
on
Names
&
SSN

29. Encryption or Masking in Hadoop
Analy3c
Transac3onal
Trading
System
Perf.
Customer
reten3on
Payments
Risk
Mgmt.
IT
Security
Intelligence
IP
Addresses
Name
Personal
Health
Info
Credit
Card
Number
Dynamic
pricing
Process
efficiency
Log
analysis
Insurance
Premiums
Clinical
trial
analysis
Smart
metering
Risk
Modeling
Supply
chain
op3miza3on
Brand
sen3ment
Real-­‐3me
upsell
Monitoring
Sensors
Social
Security
Number
Date
of
Birth
(DOB)
IP
Address
URL
Email
Address
Telephone
Number
Credit
limit
Purchase
amount
Customer
life3me
value
Address
Device
ID
Transac3on
Date
VIN
Person
of
Interest
Discovery
Session
Op3miza3on

30. Encryption or Masking in Hadoop
Analy3c
Transac3onal
Trading
System
Perf.
Customer
reten3on
Payments
Risk
Mgmt.
IT
Security
Intelligence
Medical
test
results
Name
Personal
Health
Info
Credit
Card
Number
Dynamic
pricing
Process
efficiency
Log
analysis
Insurance
Premiums
Clinical
trial
analysis
Smart
metering
Risk
Modeling
Supply
chain
op3miza3on
Brand
sen3ment
Real-­‐3me
upsell
Monitoring
Sensors
Social
Security
Number
Date
of
Birth
(DOB)
IP
Address
URL
Email
Address
Telephone
Number
Credit
limit
Purchase
amount
Customer
life3me
value
Address
Mask
Encrypt
Device
ID
Transac3on
Date
VIN
Person
of
Interest
Discovery
Session
Op3miza3on

31. Encryption or Masking in Hadoop
Analy3c
Transac3onal
Trading
System
Perf.
Customer
reten3on
Payments
Risk
Mgmt.
IT
Security
Intelligence
Biometric
IDs
Name
Personal
Health
Info
Credit
Card
Number
Dynamic
pricing
Process
efficiency
Log
analysis
Insurance
Premiums
Clinical
trial
analysis
Smart
metering
Risk
Modeling
Supply
chain
op3miza3on
Brand
sen3ment
Real-­‐3me
upsell
Monitoring
Sensors
Social
Security
Number
Date
of
Birth
(DOB)
IP
Address
URL
Email
Address
Telephone
Number
Credit
limit
Purchase
amount
Customer
life3me
value
Address
Mask
Encrypt
Device
ID
Transac3on
Date
VIN
Person
of
Interest
Discovery
Session
Op3miza3on

32. Encryption or Masking in Hadoop
Analy3c
Transac3onal
Trading
System
Perf.
Customer
reten3on
Payments
Risk
Mgmt.
IT
Security
Intelligence
Dynamic
pricing
Process
efficiency
Log
analysis
Insurance
Premiums
Clinical
trial
analysis
Smart
metering
Risk
Modeling
Supply
chain
op3miza3on
Brand
sen3ment
Real-­‐3me
upsell
Monitoring
Sensors
Person
of
Interest
Discovery
Session
Op3miza3on
Medical
test
results
Name
Personal
Health
Info
Credit
Card
Number
Social
Security
Number
Date
of
Birth
(DOB)
IP
Address
URL
Email
Address
Telephone
Number
Credit
limit
Purchase
amount
Customer
life3me
value
Address
Mask
Device
ID
Transac3on
Date
VIN
Number
Encrypt

33. Encryption or Masking in Hadoop
Analy3c
Transac3onal
Trading
System
Perf.
Customer
reten3on
Payments
Risk
Mgmt.
IT
Security
Intelligence
Medical
test
results
Name
Personal
Health
Info
Credit
Card
Number
Dynamic
pricing
Process
efficiency
Log
analysis
Insurance
Premiums
Clinical
trial
analysis
Smart
metering
Risk
Modeling
Supply
chain
op3miza3on
Brand
sen3ment
Real-­‐3me
upsell
Monitoring
Sensors
Social
Security
Number
Date
of
Birth
(DOB)
IP
Address
URL
Email
Address
Telephone
Number
Credit
limit
Purchase
amount
Customer
life3me
value
Address
Mask
Encrypt
Device
ID
Transac3on
Date
VIN
Person
of
Interest
Discovery
Session
Op3miza3on

34. ©2016
Dataguise,
Inc.
Confiden3al
and
Proprietary
34
How
does
this
work
in
DgSecure

35. ©2016
Dataguise,
Inc.
Confiden3al
and
Proprietary
HIGH-LEVEL DgSECURE FOR HADOOP FUNCTIONALITY
35
Policy
Management
Domain
Defini3on
custom
Elements
-­‐
Composite
-­‐
Dependent
Policy
-­‐
Per
Data
Feed?
Protec3on
Op3ons
Detec3on
In-­‐Flight
Within
HDFS
Full
vs.
Incremental
Structured
vs.
Semi/Unstructured
Quick
scan
Element
Count
Audi3ng
Files/Dirs
-­‐
Sensi3ve
elements
-­‐
Protected?
-­‐
Who
has
access
Users
-­‐
What
can
they
see
Protec3on
Domain
based
Masking
Redac3on
Encryp3on
-­‐
Field
or
Record
-­‐
AES
or
FPE
Repor3ng
Job
Level
-­‐
Sensi3ve
elements
-­‐
Directories
&
Files
-­‐
Remedia3on
applied
Dashboard
-­‐
Directory
or
by
policy
-­‐
Drill-­‐down
Audit
report
-­‐
User
ac3ons
No3fica3ons

36. Set
Policy
©2015
Contains
confiden3al
and
proprietary
informa3on
and
may
not
be
disclosed
by
the
recipient
to
any
third
party.
36

37. Data
Elements
©2015
Contains
confiden3al
and
proprietary
informa3on
and
may
not
be
disclosed
by
the
recipient
to
any
third
party.
37

38. Define/Execute
Detec>on/Protec>on
Task
©2015
Contains
confiden3al
and
proprietary
informa3on
and
may
not
be
disclosed
by
the
recipient
to
any
third
party.
38

39. Discovery
Task
Result
©2015
Contains
confiden3al
and
proprietary
informa3on
and
may
not
be
disclosed
by
the
recipient
to
any
third
party.
39

40. MaskingTask
Result
©2015
Contains
confiden3al
and
proprietary
informa3on
and
may
not
be
disclosed
by
the
recipient
to
any
third
party.
40

41. Masking
Task
Result
41

42. Dashboard
©2015
Contains
confiden3al
and
proprietary
informa3on
and
may
not
be
disclosed
by
the
recipient
to
any
third
party.
42

43. Entitlement Reports
©2015
Contains
confiden3al
and
proprietary
informa3on
and
may
not
be
disclosed
by
the
recipient
to
any
third
party.
43

44. Audit Reports
©2015
Contains
confiden3al
and
proprietary
informa3on
and
may
not
be
disclosed
by
the
recipient
to
any
third
party.
44

45. ©2016
Dataguise,
Inc.
Confiden3al
and
Proprietary
45
Sample
Secure
Business
Workflow
in
an
Enterprise

46. Sample
End
to
End
Flow
46

47. Sample
End
to
End
Flow
47
CISO/CPO:
Set
policy
per
data
feed
type

48. Sample
End
to
End
Flow
48
Data
Asset
Owner:
Provenance
metadata

49. Sample
End
to
End
Flow
49
IT/Set
Process:
Run
Discovery
to
detect
sensi3ve
data
Metadata
to
repository
(Atlas)

50. Sample
End
to
End
Flow
50
IT/Set
Process:
Use
Metadata
to
set
access
control
in
Ranger

51. Sample
End
to
End
Flow
51
Run
Masking/Encr
to
protect
sensi3ve
data
Metadata
incl.
lineage
to
repository
(Atlas)

52. Sample
End
to
End
Flow
52
IT/Set
Process:
Use
Metadata
to
set
access
control
in
Ranger

53. Sample
End
to
End
Flow
53
Data
Asset
owner
adds
annota3ons
&
adds
to
Data
Asset
Index

54. Sample
End
to
End
Flow
54
Data
Scien3st
browses
available
data
sets
and
makes
access
request

55. Sample
End
to
End
Flow
55
Data
owner
approves
request
Sets
access
control
in
Ranger

56. Sample
End
to
End
Flow
56
Data
Scien3st
runs
data
mining/BI/Analy3cs

57. Sample
End
to
End
Flow
57

58. Page 58 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
Ranger and Knox: Building on the Vision of
Comprehensive Security
Syed Mahmood

59. Page 59 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
Security Challenges of Data Lake
Central repository of critical and sensitive
data
Data maintained over long duration
External ecosystem is in flux
Users can access and analyze data in new
and different ways

60. Page 60 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
How do I set policy across the entire cluster?
Who am I/prove it?
What can I do?
What did I do?
How can I encrypt at rest and over the wire?
Differentiator 1: Comprehensive Approach to Security
Data Protection
Protect data at rest and in motion
In order to protect any data system you must implement the following:
Audit
Maintain a record of data access
Authorization
Provision access to data
Authentication
Authenticate users and systems
Administration
Central management and consistent security

61. Page 61 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
HDP Security: Comprehensive, Complete, Extensible
Data Protection
Protect data at rest and in motion
Security in HDP is the most comprehensive, complete and extensible for Hadoop
Audit
Maintain a record of data access
Authorization
Provision access to data
Authentication
Authenticate users and systems
Administration
Central management and consistent security
Single administrative console to set policy
across the entire cluster: Apache Ranger
Authentication for perimeter and cluster;
integrates with existing Active Directory and
LDAP solutions: Kerberos | Apache Knox
Consistent authorization controls across all
Apache components within HDP: Apache
Ranger
Record of data access events across all
components that is consistent and accessible:
Apache Ranger | Apache Atlas
Encrypts data in motion and data at rest; refer
partner encryption solutions for broader
needs: HDFS TDE with Ranger KMS

62. Page 62 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
YARN : Data Operating System
DATA ACCESS SECURITY
GOVERNANCE &
INTEGRATION
OPERATIONS
1
°
°
°
°
°
°
°
°
°
°
°
°
°
°
°
°
°
°
°
°
N
Data Lifecycle &
Governance
Falcon
Atlas
Administration
Authentication
Authorization
Auditing
Data Protection
Ranger
Knox
Atlas
HDFS Encryption
Data Workflow
Sqoop
Flume
Kafka
NFS
WebHDFS
Provisioning,
Managing, &
Monitoring
Ambari
Cloudbreak
Zookeeper
Scheduling
Oozie
Batch
MapReduce
Script
Pig
Search
Solr
SQL
Hive
NoSQL
HBase
Accumulo
Phoenix
Stream
Storm
In-memory
Spark
Others
ISV Engines
TezTez Tez Slider Slider
HDFS Hadoop Distributed File System
DATA MANAGEMENT
Hortonworks Data Platform 2.3
Deployment
Choice
Linux Windows On-Premise Cloud
Differentiator 2: Security Built into the Platform

63. Page 63 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
Security Built into the Platform
Security is consistently
administered across data
access engines
Build or retire applications
without impacting security
YARN : Data Operating System
DATA ACCESS SECURITY
GOVERNANCE &
INTEGRATION
OPERATIONS
1
°
°
°
°
°
°
°
°
°
°
°
°
°
°
°
°
°
°
°
°
N
Data Lifecycle &
Governance
Falcon
Atlas
Administration
Authentication
Authorization
Auditing
Data Protection
Ranger
Knox
Atlas
HDFS EncryptionData Workflow
Sqoop
Flume
Kafka
NFS
WebHDFS
Provisioning,
Managing, &
Monitoring
Ambari
Cloudbreak
Zookeeper
Scheduling
Oozie
Batch
MapReduce
Script
Pig
Search
Solr
SQL
Hive
NoSQL
HBase
Accumulo
Phoenix
Stream
Storm
In-memory
Spark
Others
ISV Engines
TezTez Tez Slider Slider
HDFS Hadoop Distributed File System
DATA MANAGEMENT
Hortonworks Data Platform 2.3
Deployment
Choice
Linux Windows On-Premise Cloud

64. Page 64 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
Security in Hadoop with HDP
• Wire encryption in
Hadoop
• HDFS Encryption
with Ranger KMS
• Centralized audit
reporting with
Apache Ranger
• Fine-grain access
control with
Apache Ranger
Authorization
What can I do?
Audit
What did I do?
Data Protection
Can data be encrypted at
rest and over the wire?
• Kerberos
• API security with
Apache Knox
Authentication
Who am I/prove it?
HDP2.3
Centralized Security Administration with Ranger

65. Page 65 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
Apache Ranger
Comprehensive security for Enterprise Hadoop

66. Page 66 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
Centralized Security with Ranger
Centralized platform
• Centralized platform to define,
administer and manage
security policies consistently
• Define security policy once and
apply it to all the applicable
components across the stack

67. Page 67 © Hortonworks Inc. 2011 – 2016. All Rights Reserved

68. Page 68 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
Centralized Security with Ranger
Centralized platform
• Administer security for:
– Database
– Table
– Column
– LDAP Groups
– Specific Users
Fine-grained
security definition
• Centralized platform to define,
administer and manage
security policies consistently
• Define security policy once and
apply it to all the applicable
components across the stack

69. Page 69 © Hortonworks Inc. 2011 – 2016. All Rights Reserved

70. Page 70 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
Centralized Security with Ranger
• Administrators have complete
visibility into the security
administration process
Deep visibilityCentralized platform
• Administer security for:
– Database
– Table
– Column
– LDAP Groups
– Specific Users
Fine-grained
security definition
• Centralized platform to define,
administer and manage
security policies consistently
• Define security policy once and
apply it to all the applicable
components across the stack

71. Page 71 © Hortonworks Inc. 2011 – 2016. All Rights Reserved

72. Page 72 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
Authorization and Auditing with Ranger
HDFS
Ranger Administration Portal
HBase
Hive Server2
Ranger Audit Server
Ranger
Plugin
HadoopComponentsEnterprise
Users
Ranger
Plugin
Ranger
Plugin
Legacy Tools and Data
Governance
HDFS
Knox
Storm
Ranger
Plugin
Ranger
Plugin
RDBMS
Solr
Ranger
Plugin
Ranger Policy Server
Future Additions
Currently
Supported in
HDP 2.2
Integration API
Kafka
Ranger
Plugin
YARN
Ranger
Plugin
TBD
Ranger
Plugin

73. Page 73 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
Apache Atlas is Now Included in HDP
Apache Atlas
Knowledge Store
Audit Store
ModelsType-System
Policy RulesTaxonomies
Tag Based
Policies
Data Lifecycle
Management
Real Time Tag Based Access Control
REST API
Services
Search Lineage Exchange
Healthcare
HIPAA
HL7
Financial
SOX
Dodd-Frank
Energy
PPDM
Retail
PCI
PII
Other
CWM
Rest API
Modern, flexible access to Atlas services, HDP components and external tools
Search—SQL, like DSL (Domain Specific Language)
Support for key word, faceted and full text searches
Lineage
Capture all SQL runtime activity on HiveServer2 providing lineage for both data
and schema
Exchange
Leverage existing metadata by importing it from ETL tools, ERP systems and
data warehouses
Export metadata to downstream systems

74. Page 74 © Hortonworks Inc. 2011 – 2016. All Rights Reserved
Apache Atlas Vision 2015
Metadata Services
Business Taxonomy - classification
Operational Data – Model for Hive: DB, Tables, Col,
Centralized location for all metadata inside HDP
Single Interface point for Metadata Exchange with
platforms outside of HDP.
Search & Prescriptive Lineage – Model and Audit
Apache Atlas
Hive
Ranger
Falcon
Kafka
Storm

75. © Hortonworks Inc. 2015. All Rights Reserved
The Insurance Data Landscape has Changed
u The insurance industry is joining and analyzing data which has never
been analyzed before
u Many of these sources can be “murky” and sensitive
u Traditional PII/PHI data sources ingested into Hadoop needs to be:
• Discovered
• Protected
Ø Protecting PII/PHI data is not an option for Insurers, TPAs and
Brokers…. it is a Requirement
Summary

76. Page 76 © Hortonworks Inc. 2011 – 2014. All Rights Reserved
Questions ?

77. Page 77 © Hortonworks Inc. 2011 – 2014. All Rights Reserved
Call to Action
Additional Information :
q Data Protection Optimized for Insurance Big Data – A Dataguise and
Hortonworks Capability Overview
q Hortonworks: Comprehensive Security in Hadoop – Solving Security in
Hadoop Whitepaper
q Hortonworks: Building Governance into Big Data – Whitepaper