Big Data Security
Facing the challenge
Experience the presentation
xlic.es/v/E98605
© Stratio 2017. Confidential, All Rights Reserved. 3
About me
• Father of a 5 year old child
• Technical leader in Architecture and Security team at Stratio
• Sailing skipper
In your opinion, how difficult is it to manage security in your projects?
● Very difficult
● Difficult
● Easy
● Very Easy
● What is security?
PROJECTS FOR EVER ONGOING IN BIG COMPANIES
Cross-cutting initiatives that never finish: data governance, logs centralization, monitoring, security, data security audit.
In a monolithic, application-centric IT with data silos these initiatives never get accomplished.
Hundreds of millions of euros have been spent over the years on global IT cross initiatives.
[Figure: the application landscape those initiatives have to cover (SAS, CRM, Earnix (pricing), Towers Watson, ERP, Data Warehouse, Lab H0 (Big Data platform shared by the group), WebFocus, Oracle, Mainframe, and the ETL between them), with the five initiatives numbered 1 to 5 drawn across every silo.]

GREYHOUND CHASING THE ELECTRONIC RABBIT…
Companies always try to get the rabbit.
In an application-centric company with data silos you will never be able to achieve those projects successfully.

STRUCTURAL INITIATIVES ARE SOLVED COMPLETELY WITH DATA CENTRIC
[Figure: data-centric stack, Data, DaaS (data as a service), Data Intelligence, with data governance, logs centralization, monitoring, security and data security audit as functionalities implemented in the product.]
RABBIT IN A JAIL
Minimum effort and cost to get the rabbit.
Facing the challenge
SECURITY IN A DATA-CENTRIC PLATFORM
Protect the data
• Perimeter security to access the cluster.
• Identity management and authentication, so that a user or service proves it is who it claims to be.
• In a multi-data-store platform, ACLs should be centralized so that authorization is applied consistently across the different data stores.
• Audit events must be centralized so that misuse of the cluster can be detected in real time.
• Data integrity and confidentiality in network communications, to protect data in transit.
Protect the service
• Perimeter security to access the cluster.
• Identity management and authentication, so that a user or service proves it is who it claims to be.
• A user or service must be authorized so that it cannot consume more resources than expected.
• A user or service must not be able to interfere with other users or services unless that is explicitly required.
• Resource usage must be audited so that it can be controlled.
[Figure: Stratio DataCentric / Stratio EOS (Enterprise Operating System) stack. Infrastructure: bare metal, private cloud, public cloud. Node provisioning: Terraform. Data center operating system: Mesos. Service orchestration: Marathon. Service discovery: Consul. Containers: Docker. Network isolation: Calico. Secrets: Vault. Data services: Kafka, Zookeeper, SQL. On top: DaaS, Data Intelligence as a Service, microservices, apps with microservices and standalone applications.]
SECURITY OVERVIEW
In order to guide the security priorities in the product roadmap, we focus on helping customers comply with the LOPD (the Spanish data protection law) within the platform.
With every release of the Stratio platform, the security status is reported through:
• Results of the OWASP tests for the main components of the platform.
• Results of additional general-purpose security tests defined to assure the expected quality.
• A Security Risk Report that includes the known issues found.
• When Critical and High issues are found:
‐ We explain how they can be mitigated.
‐ We plan to solve them in the next release.
PERIMETER SECURITY: NETWORKING
[Figure: three zones. Public network: public agents, reached through Marathon-LB. Admin network: Admin Router in front of the master nodes. Private network: private agents.]
• The default network configuration allows a zone-based network security design:
‐ Public.
‐ Admin.
‐ Private.
• Using Mesos roles to identify nodes ensures that only tasks specifically configured with that role are executed outside the Private zone.
• Using Marathon labels, endpoints are registered dynamically on the edge of each zone:
‐ Admin Router for the Admin zone.
‐ Marathon-LB for the Public zone.
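The zone rule above is easy to break by accident: an app that carries a public Marathon-LB label but is allowed to land on any agent, or one that is pinned to public agents without any registered endpoint. The following checker is an added example (not Stratio's code) that lints Marathon app definitions against that rule. It assumes, as DC/OS-style installs do by default, that public agents carry the Mesos role `slave_public`, that Marathon-LB reads the `HAPROXY_GROUP` label and Admin Router the `DCOS_SERVICE_NAME` label; the admin agents' role name `admin` and the sample app definitions are constructed for the example.

```python
"""Zone-placement lint for Marathon app definitions (added example, not
Stratio's code). Rule: a task may leave the private zone only if it is
explicitly placed there via `acceptedResourceRoles`, and a zone placement
must agree with the edge router the app registers on.

Assumed names (not from the slide): role `slave_public` for public agents,
role `admin` for admin agents, label `HAPROXY_GROUP` for Marathon-LB and
label `DCOS_SERVICE_NAME` for Admin Router.
"""
import json

PUBLIC_ROLE = "slave_public"   # assumed role of public agents
ADMIN_ROLE = "admin"           # assumed role of admin agents
PRIVATE_ROLE = "*"             # Mesos default role: private agents


def zone_of(app: dict) -> str:
    """Derive the zone an app lands in from its accepted resource roles."""
    roles = set(app.get("acceptedResourceRoles") or [PRIVATE_ROLE])
    if PUBLIC_ROLE in roles:
        return "public"
    if ADMIN_ROLE in roles:
        return "admin"
    return "private"


def published_to(app: dict) -> set:
    """Which edge routers will register this app's endpoints."""
    labels = app.get("labels", {})
    edges = set()
    if labels.get("HAPROXY_GROUP") == "external":
        edges.add("public")
    if "DCOS_SERVICE_NAME" in labels:
        edges.add("admin")
    return edges


def check_app(app: dict) -> list:
    """Return the list of policy violations for one app (empty == compliant)."""
    problems = []
    zone = zone_of(app)
    edges = published_to(app)
    roles = set(app.get("acceptedResourceRoles") or [PRIVATE_ROLE])
    # 1. An app must not be allowed to land in more than one zone.
    if len(roles) > 1:
        problems.append(f"{app['id']}: accepts several roles {sorted(roles)}; pin to one zone")
    # 2. Publishing on an edge requires being placed in that zone.
    for edge in edges:
        if edge != zone:
            problems.append(f"{app['id']}: published to {edge} edge but placed in {zone} zone")
    # 3. Public/admin placement without an endpoint is a silent exposure.
    if zone in ("public", "admin") and zone not in edges:
        problems.append(f"{app['id']}: placed in {zone} zone without a registered endpoint")
    return problems


def check_all(apps_json: str) -> dict:
    """Check every app in a Marathon `/v2/apps`-shaped document."""
    apps = json.loads(apps_json)["apps"]
    return {app["id"]: check_app(app) for app in apps}


# Constructed sample definitions, not real cluster data.
SAMPLE = json.dumps({"apps": [
    {"id": "/tableau-proxy", "acceptedResourceRoles": ["slave_public"],
     "labels": {"HAPROXY_GROUP": "external", "HAPROXY_0_VHOST": "bi.example.test"}},
    {"id": "/gosec-management", "acceptedResourceRoles": ["admin"],
     "labels": {"DCOS_SERVICE_NAME": "gosec-management"}},
    {"id": "/hdfs-namenode",  # private service that drifted into the public zone
     "acceptedResourceRoles": ["*", "slave_public"],
     "labels": {"HAPROXY_GROUP": "external"}},
]})

if __name__ == "__main__":
    for app_id, problems in check_all(SAMPLE).items():
        print(app_id, "OK" if not problems else problems)
```

Run it against the output of `GET /v2/apps` on Marathon before every deploy, or wire it into the CI step that renders the app definitions; the interesting finding in the sample is the third app, which would be scheduled on public agents and exposed through Marathon-LB while still looking like a private service.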
AUTHENTICATION, AUTHORIZATION AND AUDIT
The solution is integrated with the LDAP and Kerberos owned by the company where Stratio DCS is installed.
• Authentication:
‐ Web: OAuth2.
‐ Services & data stores: Kerberos or mutual TLS.
• Authorization:
‐ OAuth2.
‐ goSec Management: REST API and web UI used to manage roles, profiles and ACLs. It also shows users, groups and audit data.
• Audit:
‐ Authentication and authorization events are structured and stored in a data bus (Kafka), from which they are collected and processed.
Plugins are lightweight programs running inside the processes of each cluster component.
They are responsible for:
• Authorization (using goSec ACLs).
• Audit of every request sent to the component.
Plugins have currently been developed for:
• Crossdata
• Sparta
• Zookeeper
• HDFS
• Kafka
• Elasticsearch
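Centralizing the plugins' audit events in Kafka only pays off if something consumes them. The block below is an added example (not Stratio's code, and not the goSec event schema, which the slides do not show) of two detections a consumer of that bus would run. The record layout is an assumption: one JSON object per Kafka record with `ts`, `principal`, `component`, `type` (`authn` or `authz`) and `result` (`allow` or `deny`). The sample stream is constructed; the second rule catches what a stolen service credential being tried against every data store in turn looks like, which is exactly the cross-store view a per-component audit log cannot give.

```python
"""Detections over structured authn/authz audit events (added example, not
Stratio's code). Event shape is assumed: {"ts", "principal", "component",
"type": "authn"|"authz", "result": "allow"|"deny"} per Kafka record.
"""
import json
from collections import defaultdict, deque


def parse(lines):
    """Parse raw records; drop malformed ones instead of crashing the consumer."""
    for line in lines:
        try:
            ev = json.loads(line)
            yield {"ts": float(ev["ts"]), "principal": ev["principal"],
                   "component": ev["component"], "type": ev["type"],
                   "result": ev["result"]}
        except (ValueError, KeyError, TypeError):
            continue


def denial_burst(events, n=5, window=60):
    """Alert once per principal that accumulates n denials within `window` seconds."""
    recent = defaultdict(deque)       # principal -> timestamps of recent denials
    alerts, fired = [], set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "deny":
            continue
        q = recent[ev["principal"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # slide the window
            q.popleft()
        if len(q) >= n and ev["principal"] not in fired:
            fired.add(ev["principal"])
            alerts.append({"rule": "denial_burst", "principal": ev["principal"],
                           "count": len(q), "at": ev["ts"]})
    return alerts


def cross_store_spray(events, k=3, window=120):
    """Alert once per principal denied on k distinct components within `window`."""
    recent = defaultdict(deque)       # principal -> (ts, component) of recent denials
    alerts, fired = [], set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "deny" or ev["type"] != "authz":
            continue
        q = recent[ev["principal"]]
        q.append((ev["ts"], ev["component"]))
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        comps = {c for _, c in q}
        if len(comps) >= k and ev["principal"] not in fired:
            fired.add(ev["principal"])
            alerts.append({"rule": "cross_store_spray", "principal": ev["principal"],
                           "components": sorted(comps), "at": ev["ts"]})
    return alerts


# Constructed sample stream (not real audit data).
SAMPLE = [
    '{"ts": 100, "principal": "svc-etl", "component": "hdfs", "type": "authz", "result": "allow"}',
    '{"ts": 101, "principal": "svc-etl", "component": "hdfs", "type": "authz", "result": "deny"}',
    '{"ts": 102, "principal": "svc-etl", "component": "kafka", "type": "authz", "result": "deny"}',
    '{"ts": 103, "principal": "svc-etl", "component": "elasticsearch", "type": "authz", "result": "deny"}',
    '{"ts": 104, "principal": "alice", "component": "sso", "type": "authn", "result": "deny"}',
    '{"ts": 105, "principal": "alice", "component": "sso", "type": "authn", "result": "deny"}',
    '{"ts": 106, "principal": "alice", "component": "sso", "type": "authn", "result": "deny"}',
    '{"ts": 107, "principal": "alice", "component": "sso", "type": "authn", "result": "deny"}',
    '{"ts": 108, "principal": "alice", "component": "sso", "type": "authn", "result": "deny"}',
    '{"ts": 500, "principal": "alice", "component": "sso", "type": "authn", "result": "deny"}',
    'not json at all',
]


def run(lines=SAMPLE):
    """Parse a batch of records and run both rules over it."""
    events = list(parse(lines))
    return {"parsed": len(events),
            "bursts": denial_burst(events),
            "sprays": cross_store_spray(events)}


if __name__ == "__main__":
    print(json.dumps(run(), indent=2))
```

Both rules fire once per principal and then stay quiet, so a flood of denials produces one alert rather than thousands; the deny at ts 500 is outside the window and correctly does not re-trigger. In a real consumer the `sorted` call goes away (Kafka partitions keyed by principal already deliver a principal's events in order) and the alert dicts are published back to a topic that the SOC tooling reads.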
KEY MANAGEMENT SYSTEM
• It is good practice to manage secrets through a key management system instead of storing them locally.
• For this purpose Stratio DCS uses HashiCorp Vault.
KEY MANAGEMENT SYSTEM: the secret of secrets
• Can applications obtain authentication tokens in a secure way?
• Where do applications save Vault's tokens?
• How are tokens guarded?
• How will I know if someone steals a token?
[Figure: bootstrap flow between Admin, Marathon, Mesos, the KMS and the application.]
‐ First secret management: the admin provisions the application's secret in the KMS.
‐ Marathon runs the application with a one-time secret in its environment (Env: one time secret).
‐ The application logs in to the KMS with the one-time secret and obtains its own token, which is bound to an ACL (token <-> ACL).
‐ Logs and alerts: the login with the one-time secret and the later use of the token are logged, and alerts on those logs are what tells you whether someone has stolen a token.
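The four questions above are answered by one property: the scheduler hands the task a secret that is worth nothing after its first use. The block below is an added example, not Stratio's or HashiCorp's code; it is an in-process model of the flow that follows the semantics of Vault response wrapping (a short-TTL, single-use wrapping token injected into the task environment, unwrapped once by the application into a token bound to a policy). The KMS-side class, policy names and the `VAULT_WRAPPED_TOKEN` variable name are assumptions for the example. The part the slide's last question asks for is the reuse branch: a second unwrap of the same one-time secret means two parties hold it, so it is recorded as an alert instead of failing silently.

```python
"""Model of the one-time-secret bootstrap (added example, not Stratio's or
HashiCorp's code). Mirrors Vault response-wrapping semantics in-process:
wrap -> single-use token with TTL; unwrap once -> real token tied to a
policy; a second unwrap is logged as an alert.
"""
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class Wrapped:
    secret: str        # the real token, dropped after the first unwrap
    policy: str        # the ACL the real token is bound to
    expires_at: float
    used: bool = False


@dataclass
class SecretBroker:
    """Minimal stand-in for the KMS side: wrap, unwrap, audit."""
    _store: dict = field(default_factory=dict)   # wrapping token -> Wrapped
    tokens: dict = field(default_factory=dict)   # real token -> policy
    audit: list = field(default_factory=list)    # structured audit events

    def wrap(self, policy: str, ttl: float, now: float = None) -> str:
        """Admin/Marathon step: mint a single-use wrapping token for an app."""
        now = time.time() if now is None else now
        real_token = "s." + secrets.token_urlsafe(24)
        self.tokens[real_token] = policy
        wrap_token = "w." + secrets.token_urlsafe(24)
        self._store[wrap_token] = Wrapped(real_token, policy, now + ttl)
        self.audit.append({"type": "wrap", "policy": policy, "ok": True})
        return wrap_token

    def unwrap(self, wrap_token: str, now: float = None) -> str:
        """Application step: trade the one-time secret for the real token."""
        now = time.time() if now is None else now
        entry = self._store.get(wrap_token)
        if entry is None:
            self.audit.append({"type": "unwrap", "ok": False, "reason": "unknown"})
            raise PermissionError("unknown wrapping token")
        if entry.used:
            # Reuse means two parties hold the same one-time secret: alert.
            self.audit.append({"type": "unwrap", "ok": False, "reason": "reuse",
                               "alert": True, "policy": entry.policy})
            raise PermissionError("wrapping token already unwrapped")
        if now > entry.expires_at:
            self.audit.append({"type": "unwrap", "ok": False, "reason": "expired"})
            raise PermissionError("wrapping token expired")
        entry.used = True
        real, entry.secret = entry.secret, None   # broker keeps no plaintext copy
        self.audit.append({"type": "unwrap", "ok": True, "policy": entry.policy})
        return real

    def policy_of(self, token: str) -> str:
        """token <-> ACL: what the holder of this token is allowed to do."""
        return self.tokens.get(token, "deny")

    def alerts(self) -> list:
        return [e for e in self.audit if e.get("alert")]


def bootstrap_demo(now: float = 1000.0) -> dict:
    """Happy path, then a replay by someone who scraped the task env, then a stale token."""
    kms = SecretBroker()
    # Admin / Marathon: one-time secret goes into the task environment only.
    env = {"VAULT_WRAPPED_TOKEN": kms.wrap("app1-read-hdfs", ttl=60, now=now)}
    # Application start: unwrap once; the real token lives in process memory only.
    app_token = kms.unwrap(env["VAULT_WRAPPED_TOKEN"], now=now + 1)
    policy = kms.policy_of(app_token)
    # Attacker replays the wrapped token found in the environment / a config dump.
    try:
        kms.unwrap(env["VAULT_WRAPPED_TOKEN"], now=now + 2)
        replay_blocked = False
    except PermissionError:
        replay_blocked = True
    # A wrapped token that was never used is worthless once its TTL has passed.
    stale = kms.wrap("app2", ttl=60, now=now)
    try:
        kms.unwrap(stale, now=now + 120)
        stale_blocked = False
    except PermissionError:
        stale_blocked = True
    return {"policy": policy, "replay_blocked": replay_blocked,
            "stale_blocked": stale_blocked, "alerts": len(kms.alerts())}


if __name__ == "__main__":
    print(bootstrap_demo())
```

The design point is where each value lives: Marathon and the task environment only ever see the wrapping token, the application holds the real token in memory, and the broker forgets the plaintext after the single unwrap. Against real Vault the same shape is obtained with `vault token create -wrap-ttl=60s` on the admin side and `vault unwrap` in the application, with the audit device reporting the reuse attempt.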
DATA PROCESSING ENGINE: SPARK
• Spark jobs need access to multiple data stores, so Spark has to support the security model of Stratio DCS.
• Stratio has modified the Spark 2.x build in order to:
‐ Access secrets stored in the KMS.
‐ Allow access to Kerberized HDFS.
‐ Allow access to PostgreSQL with TLS authentication.
‐ Allow access to Elasticsearch with TLS authentication.
‐ Allow access to Kafka with TLS authentication.
PROTECT THE DATA
- use case -
[Figure: admin network (Admin, goSec SSO, goSec Management, KMS, LDAP, Kerberos, Kafka as the audit bus, Admin Router, Zookeeper); public network (Tableau entering through Marathon-LB); private network (HDFS, Zookeeper). The walkthrough covers, in order: perimeter security; authentication, authorization and audit; ciphered communications.]
MULTI-TENANCY CAPABILITIES: RESOURCES ISOLATION
• Stratio DCS cluster resources (memory, disk, CPUs and port ranges) are managed by Mesos.
• Mesos, Marathon and Metronome security can be activated post-installation in order to limit the use of the available resources by each framework.
• Once it is activated, admins are able to:
‐ Reserve resources for a Mesos role.
‐ Grant permissions to each user/framework to perform actions such as registering frameworks, running tasks, reserving resources, creating volumes, etc.
‐ Grant a minimum set of resources to a specific Mesos role.
[Figure: Mesos cluster with a master running Marathon and five agents: agent 1 role=slave_public, agent 3 role=postgresql, agents 2, 4 and 5 role=* (default).]
MULTI-TENANCY CAPABILITIES: NETWORKS ISOLATION
• What about network isolation in the containerized world?
• For this purpose Stratio DCS uses Project Calico.
• Virtual network topologies can be created dynamically.
• Virtual network topologies can be managed by network policies.
• Virtual networks can manage all Mesos-supported containerizer technologies.
• Virtual networks barely impact big data performance.
• Frameworks/apps are authorized into a network.
• Frameworks/apps can be isolated in a virtual network.
• Frameworks/apps IP addresses and ports are managed per instance.
[Figure-only slides: Network Isolation components; Network Isolation Virtual Networks; Network Isolation Integration.]
PROTECT THE SERVICE
- use case -
[Figure: Admin and two users interacting with Mesos, Calico and the Docker engine. The two users launch FRAMEWORK 1 and FRAMEWORK 2; their containers end up on NETWORK A (0.5 cores, 1 GB RAM) and NETWORK B (2 cores, 5 GB RAM).]
Steps checked by the platform:
• Framework authentication.
• Check resources for the role (use case: at least 1 core and 1 GB are guaranteed to framework 1).
• Authorization to launch tasks.
• Authorization to use the network (use case: net_2 denies traffic from framework 1).
• Audit (logs and Mesos API).
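The five steps of the use case, and the resource-isolation slide before it, can be put together in one admission path. The block below is an added example, not Stratio's or Mesos' code. Its `authorize` function evaluates ACLs in the JSON shape Mesos uses (`register_frameworks`, `run_tasks`, entities with `values` or `type: ANY|NONE`, a top-level `permissive`) following the documented rules of the Mesos local authorizer: ACLs are scanned in order, the first entry whose subject and object both match decides, an entity of type NONE matches but never allows, and `permissive` decides when nothing matches. The quota check, the per-network deny list that stands in for the Calico policy, and the principal, role and network names are simplifications and assumptions for the example; the numbers are the slide's own (framework 1 is guaranteed at least 1 core and 1 GB; net_2 denies framework 1).

```python
"""Admission path model for 'protect the service' (added example, not Mesos'
or Stratio's code). Steps: framework authentication, resource check for the
role, authorization to launch tasks, authorization to use the network, audit.
ACL evaluation follows the Mesos local authorizer's documented rules; the
network policy is a plain deny-list standing in for the Calico policy."""
from dataclasses import dataclass, field


def _matches(entity: dict, value: str) -> bool:
    # ANY and NONE both *match*; only values/ANY *allow* (see _allows).
    return entity.get("type") in ("ANY", "NONE") or value in entity.get("values", [])


def _allows(entity: dict, value: str) -> bool:
    t = entity.get("type")
    return t == "ANY" or (t != "NONE" and value in entity.get("values", []))


def authorize(acls: dict, action: str, subj_key: str, subj: str,
              obj_key: str, obj: str) -> bool:
    """First ACL whose subject and object both match decides; else `permissive`."""
    for acl in acls.get(action, []):
        s, o = acl[subj_key], acl[obj_key]
        if _matches(s, subj) and _matches(o, obj):
            return _allows(s, subj) and _allows(o, obj)
    return acls.get("permissive", True)


@dataclass
class Cluster:
    credentials: dict   # principal -> secret (framework authentication)
    acls: dict          # Mesos-style ACLs (register_frameworks, run_tasks, ...)
    quota: dict         # role -> guaranteed minimum {"cpus": x, "mem": MB}
    free: dict          # unreserved capacity still available
    networks: dict      # network -> {"deny": [principals]} (Calico stand-in)
    audit: list = field(default_factory=list)

    def _log(self, step, principal, ok, **extra) -> bool:
        self.audit.append({"step": step, "principal": principal, "ok": ok, **extra})
        return ok

    def admit(self, principal, secret, role, user, network, cpus, mem) -> bool:
        """Run one framework through the admission path; stop at the first denial."""
        if not self._log("authn", principal, self.credentials.get(principal) == secret):
            return False
        ok = authorize(self.acls, "register_frameworks", "principals", principal, "roles", role)
        if not self._log("register", principal, ok, role=role):
            return False
        # The role's guarantee and the actual request must both fit in what is free.
        need = self.quota.get(role, {"cpus": 0, "mem": 0})
        fits = (self.free["cpus"] >= max(need["cpus"], cpus)
                and self.free["mem"] >= max(need["mem"], mem))
        if not self._log("quota", principal, fits, role=role, need=need):
            return False
        ok = authorize(self.acls, "run_tasks", "principals", principal, "users", user)
        if not self._log("run_tasks", principal, ok, user=user):
            return False
        ok = principal not in self.networks.get(network, {}).get("deny", [])
        if not self._log("network", principal, ok, network=network):
            return False
        self.free["cpus"] -= cpus   # commit the reservation
        self.free["mem"] -= mem
        return True


def demo() -> dict:
    """Slide's use case: framework 1 gets >= 1 core / 1 GB; net_2 denies framework 1."""
    cluster = Cluster(
        credentials={"framework1": "s3cr3t-1", "framework2": "s3cr3t-2"},
        acls={
            "permissive": False,
            "register_frameworks": [
                {"principals": {"values": ["framework1"]}, "roles": {"values": ["team1"]}},
                {"principals": {"values": ["framework2"]}, "roles": {"values": ["team2"]}},
            ],
            "run_tasks": [
                # Mesos idiom: subject NONE + object root == nobody may run tasks as root.
                {"principals": {"type": "NONE"}, "users": {"values": ["root"]}},
                {"principals": {"values": ["framework1", "framework2"]},
                 "users": {"values": ["svc"]}},
            ],
        },
        quota={"team1": {"cpus": 1, "mem": 1024}},
        free={"cpus": 4.0, "mem": 8192},
        networks={"net_2": {"deny": ["framework1"]}},
    )
    r = {
        "f1_net1": cluster.admit("framework1", "s3cr3t-1", "team1", "svc", "net_1", 0.5, 1024),
        "f1_net2": cluster.admit("framework1", "s3cr3t-1", "team1", "svc", "net_2", 0.5, 1024),
        "f2_net2": cluster.admit("framework2", "s3cr3t-2", "team2", "svc", "net_2", 2, 5120),
        "f1_root": cluster.admit("framework1", "s3cr3t-1", "team1", "root", "net_1", 0.5, 512),
        "bad_pw": cluster.admit("framework2", "wrong", "team2", "svc", "net_1", 1, 1024),
        "f2_big": cluster.admit("framework2", "s3cr3t-2", "team2", "svc", "net_2", 3, 1024),
    }
    r["denied_steps"] = [e["step"] for e in cluster.audit if not e["ok"]]
    return r


if __name__ == "__main__":
    print(demo())
```

Two details are worth keeping when translating this to a real cluster. The `run_tasks` entry with `principals: NONE` and `users: [root]` is how Mesos expresses "nobody may run tasks as root" in a permissive-false ACL set, since a `values` list on the subject side would only ever allow. And every decision, including the successful ones, lands in `audit` with the step that produced it, which is what lets the platform answer "why was framework 1 refused on net_2" from the logs rather than by re-running the request.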
MULTI-DATA CENTER
- a use case -
[Figure only.]
Understanding the CloudUnderstanding the Cloud
Understanding the Cloud
 

More from Stratio

Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...Stratio
 
Can an intelligent system exist without awareness? BDS18
Can an intelligent system exist without awareness? BDS18Can an intelligent system exist without awareness? BDS18
Can an intelligent system exist without awareness? BDS18Stratio
 
Kafka and KSQL - Apache Kafka Meetup
Kafka and KSQL - Apache Kafka MeetupKafka and KSQL - Apache Kafka Meetup
Kafka and KSQL - Apache Kafka MeetupStratio
 
Wild Data - The Data Science Meetup
Wild Data - The Data Science MeetupWild Data - The Data Science Meetup
Wild Data - The Data Science MeetupStratio
 
Using Kafka on Event-driven Microservices Architectures - Apache Kafka Meetup
Using Kafka on Event-driven Microservices Architectures - Apache Kafka MeetupUsing Kafka on Event-driven Microservices Architectures - Apache Kafka Meetup
Using Kafka on Event-driven Microservices Architectures - Apache Kafka MeetupStratio
 
Ensemble methods in Machine Learning
Ensemble methods in Machine Learning Ensemble methods in Machine Learning
Ensemble methods in Machine Learning Stratio
 
Introduction to Artificial Neural Networks
Introduction to Artificial Neural NetworksIntroduction to Artificial Neural Networks
Introduction to Artificial Neural NetworksStratio
 
Meetup: Cómo monitorizar y optimizar procesos de Spark usando la Spark Web - ...
Meetup: Cómo monitorizar y optimizar procesos de Spark usando la Spark Web - ...Meetup: Cómo monitorizar y optimizar procesos de Spark usando la Spark Web - ...
Meetup: Cómo monitorizar y optimizar procesos de Spark usando la Spark Web - ...Stratio
 
Lunch&Learn: Combinación de modelos
Lunch&Learn: Combinación de modelosLunch&Learn: Combinación de modelos
Lunch&Learn: Combinación de modelosStratio
 
Meetup: Spark + Kerberos
Meetup: Spark + KerberosMeetup: Spark + Kerberos
Meetup: Spark + KerberosStratio
 
Multiplaform Solution for Graph Datasources
Multiplaform Solution for Graph DatasourcesMultiplaform Solution for Graph Datasources
Multiplaform Solution for Graph DatasourcesStratio
 
Stratio's Cassandra Lucene index: Geospatial use cases - Big Data Spain 2016
Stratio's Cassandra Lucene index: Geospatial use cases - Big Data Spain 2016Stratio's Cassandra Lucene index: Geospatial use cases - Big Data Spain 2016
Stratio's Cassandra Lucene index: Geospatial use cases - Big Data Spain 2016Stratio
 
[Strata] Sparkta
[Strata] Sparkta[Strata] Sparkta
[Strata] SparktaStratio
 
Introduction to Asynchronous scala
Introduction to Asynchronous scalaIntroduction to Asynchronous scala
Introduction to Asynchronous scalaStratio
 
Functional programming in scala
Functional programming in scalaFunctional programming in scala
Functional programming in scalaStratio
 
Spark Streaming @ Berlin Apache Spark Meetup, March 2015
Spark Streaming @ Berlin Apache Spark Meetup, March 2015Spark Streaming @ Berlin Apache Spark Meetup, March 2015
Spark Streaming @ Berlin Apache Spark Meetup, March 2015Stratio
 
Advanced search and Top-K queries in Cassandra
Advanced search and Top-K queries in CassandraAdvanced search and Top-K queries in Cassandra
Advanced search and Top-K queries in CassandraStratio
 
[Spark meetup] Spark Streaming Overview
[Spark meetup] Spark Streaming Overview[Spark meetup] Spark Streaming Overview
[Spark meetup] Spark Streaming OverviewStratio
 
Why spark by Stratio - v.1.0
Why spark by Stratio - v.1.0Why spark by Stratio - v.1.0
Why spark by Stratio - v.1.0Stratio
 
On-the-fly ETL con EFK: ElasticSearch, Flume, Kibana
On-the-fly ETL con EFK: ElasticSearch, Flume, KibanaOn-the-fly ETL con EFK: ElasticSearch, Flume, Kibana
On-the-fly ETL con EFK: ElasticSearch, Flume, KibanaStratio
 

More from Stratio (20)

Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
 
Can an intelligent system exist without awareness? BDS18
Can an intelligent system exist without awareness? BDS18Can an intelligent system exist without awareness? BDS18
Can an intelligent system exist without awareness? BDS18
 
Kafka and KSQL - Apache Kafka Meetup
Kafka and KSQL - Apache Kafka MeetupKafka and KSQL - Apache Kafka Meetup
Kafka and KSQL - Apache Kafka Meetup
 
Wild Data - The Data Science Meetup
Wild Data - The Data Science MeetupWild Data - The Data Science Meetup
Wild Data - The Data Science Meetup
 
Using Kafka on Event-driven Microservices Architectures - Apache Kafka Meetup
Using Kafka on Event-driven Microservices Architectures - Apache Kafka MeetupUsing Kafka on Event-driven Microservices Architectures - Apache Kafka Meetup
Using Kafka on Event-driven Microservices Architectures - Apache Kafka Meetup
 
Ensemble methods in Machine Learning
Ensemble methods in Machine Learning Ensemble methods in Machine Learning
Ensemble methods in Machine Learning
 
Introduction to Artificial Neural Networks
Introduction to Artificial Neural NetworksIntroduction to Artificial Neural Networks
Introduction to Artificial Neural Networks
 
Meetup: Cómo monitorizar y optimizar procesos de Spark usando la Spark Web - ...
Meetup: Cómo monitorizar y optimizar procesos de Spark usando la Spark Web - ...Meetup: Cómo monitorizar y optimizar procesos de Spark usando la Spark Web - ...
Meetup: Cómo monitorizar y optimizar procesos de Spark usando la Spark Web - ...
 
Lunch&Learn: Combinación de modelos
Lunch&Learn: Combinación de modelosLunch&Learn: Combinación de modelos
Lunch&Learn: Combinación de modelos
 
Meetup: Spark + Kerberos
Meetup: Spark + KerberosMeetup: Spark + Kerberos
Meetup: Spark + Kerberos
 
Multiplaform Solution for Graph Datasources
Multiplaform Solution for Graph DatasourcesMultiplaform Solution for Graph Datasources
Multiplaform Solution for Graph Datasources
 
Stratio's Cassandra Lucene index: Geospatial use cases - Big Data Spain 2016
Stratio's Cassandra Lucene index: Geospatial use cases - Big Data Spain 2016Stratio's Cassandra Lucene index: Geospatial use cases - Big Data Spain 2016
Stratio's Cassandra Lucene index: Geospatial use cases - Big Data Spain 2016
 
[Strata] Sparkta
[Strata] Sparkta[Strata] Sparkta
[Strata] Sparkta
 
Introduction to Asynchronous scala
Introduction to Asynchronous scalaIntroduction to Asynchronous scala
Introduction to Asynchronous scala
 
Functional programming in scala
Functional programming in scalaFunctional programming in scala
Functional programming in scala
 
Spark Streaming @ Berlin Apache Spark Meetup, March 2015
Spark Streaming @ Berlin Apache Spark Meetup, March 2015Spark Streaming @ Berlin Apache Spark Meetup, March 2015
Spark Streaming @ Berlin Apache Spark Meetup, March 2015
 
Advanced search and Top-K queries in Cassandra
Advanced search and Top-K queries in CassandraAdvanced search and Top-K queries in Cassandra
Advanced search and Top-K queries in Cassandra
 
[Spark meetup] Spark Streaming Overview
[Spark meetup] Spark Streaming Overview[Spark meetup] Spark Streaming Overview
[Spark meetup] Spark Streaming Overview
 
Why spark by Stratio - v.1.0
Why spark by Stratio - v.1.0Why spark by Stratio - v.1.0
Why spark by Stratio - v.1.0
 
On-the-fly ETL con EFK: ElasticSearch, Flume, Kibana
On-the-fly ETL con EFK: ElasticSearch, Flume, KibanaOn-the-fly ETL con EFK: ElasticSearch, Flume, Kibana
On-the-fly ETL con EFK: ElasticSearch, Flume, Kibana
 

Recently uploaded

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 

Recently uploaded (20)

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

Big Data Security: Facing the challenge

  • 1. Big Data Security Facing the challenge
  • 3. © Stratio 2017. Confidential, All Rights Reserved.
    About me
    ‐ Father of a 5 year old child
    ‐ Technical leader in Architecture and Security team at Stratio
    ‐ Sailing skipper
  • 4. In your opinion, how difficult is it to manage security in your projects?
    ● Very difficult
    ● Difficult
    ● Easy
    ● Very Easy
    ● What is security?
  • 5. PROJECTS FOR EVER ONGOING IN BIG COMPANIES
    In a monolithic, application-centric IT with data silos these initiatives never get accomplished.
    HUNDREDS OF MILLIONS OF EUROS SPENT OVER THE YEARS IN GLOBAL IT CROSS INITIATIVES
    Initiatives (diagram): DATA GOVERNANCE, LOGS CENTRALIZATION, MONITORING, SECURITY, DATA SECURITY AUDIT
    Application silos (diagram): SAS, CRM, Earnix (Pricing), Towers Watson, ERP, Data Warehouse, Lab H0 (Big Data platform shared by the group), WebFocus, Oracle, Mainframe
  • 6-8. PROJECTS FOR EVER ONGOING IN BIG COMPANIES (animation build across three slides: the initiatives DATA GOVERNANCE, LOGS CENTRALIZATION, MONITORING and DATA SECURITY AUDIT, numbered 1 to 5; slide 8 adds ETL)
  • 9. GREYHOUND CHASING AN ELECTRONIC RABBIT… COMPANIES ALWAYS TRY TO GET THE RABBIT
    In an application-centric company with data silos you will never be able to successfully achieve those projects.
    (diagram: DATA GOVERNANCE, LOGS CENTRALIZATION, MONITORING, SECURITY, DATA SECURITY AUDIT)
  • 10. STRUCTURAL INITIATIVES ARE SOLVED COMPLETELY WITH DATA CENTRIC
    DaaS (data as a service): Data, Data Intelligence
    Functionalities implemented in the product: DATA GOVERNANCE, LOGS CENTRALIZATION, MONITORING, SECURITY, DATA SECURITY AUDIT
  • 11. RABBIT IN A JAIL: MINIMUM EFFORT AND COST TO GET THE RABBIT
  • 13. SECURITY IN A DATA CENTRIC
    Protect the data
    ‐ Perimeter security to access the cluster.
    ‐ Support identity management and authentication to prove that a user/service is who it claims to be.
    ‐ In a multi-data-store platform, ACLs should be centralized to simplify correct authorization across the different data stores.
    ‐ Audit events must be centralized to control misuse of the cluster in real time.
    ‐ Data integrity and confidentiality in network communications to protect data in flight.
    Protect the service
    ‐ Perimeter security to access the cluster.
    ‐ Support identity management and authentication to prove that a user/service is who it claims to be.
    ‐ A user/service should be authorized so that it cannot use more resources than expected.
    ‐ A user/service should not interfere with other users/services when it is not needed.
    ‐ Resource usage should be audited in order to control it.
  • 14-18. STRATIO EOS (Enterprise Operating System) architecture (the same diagram is shown on slides 14 to 18):
    ‐ INFRAS: BAREMETAL, PRIVATE CLOUD, PUBLIC CLOUD
    ‐ NODE PROVISIONING: TERRAFORM
    ‐ DATA CENTER OPERATING SYSTEM: MESOS
    ‐ SERVICE ORCHESTRATION: MARATHON
    ‐ SERVICE DISCOVERY: CONSUL
    ‐ CONTAINERS: DOCKER
    ‐ NETWORK ISOLATION: CALICO
    ‐ Platform services: Kafka, Zookeeper, VAULT, SQL
    ‐ APPS (StratioDataCentric): DaaS, Data Intelligence as a Service, Microservices Apps with Docker, Standalone Applications
  • 19. SECURITY OVERVIEW
    In order to guide the security priorities in the product roadmap, we are focused on helping to comply with LOPD within the platform.
    With every release of the Stratio platform, the security status is notified through:
    ‐ Results of the OWASP tests for the main components of the platform.
    ‐ Results of additional general-purpose security tests defined to assure the expected quality.
    ‐ Security Risk Report that includes the known issues found.
    ‐ When Critical and High issues are found:
      ‐ We explain how they can be mitigated.
      ‐ We plan to solve them during the next release.
  • 20. PERIMETER SECURITY: NETWORKING
    (diagram: Public Network with Public Agents; Private network with Private Agents; Admin network with Admin Router and Master Nodes)
    ‐ The default network configuration allows a zone-based network security design:
      ‐ Public.
      ‐ Admin.
      ‐ Private.
    ‐ Using Mesos roles to identify nodes ensures that only tasks specifically configured with this role will be executed outside the Private zone.
    ‐ Using Marathon labels, endpoints can be registered dynamically:
      ‐ Admin Router for the Admin zone.
      ‐ Marathon LB for the Public zone.
  • 21. AUTHENTICATION, AUTHORIZATION AND AUDIT
    The solution is integrated with the LDAP and Kerberos owned by the company where Stratio DCS is installed.
    ‐ Authentication:
      ‐ Web: OAuth2.
      ‐ Services & Data Stores: Kerberos or mutual TLS.
    ‐ Authorization:
      ‐ OAuth2
      ‐ goSec Management: REST API and website used to manage roles, profiles and ACLs. It also shows users, groups and audit data.
    ‐ Audit: authentication and authorization events are structured and stored in a data bus (Kafka) to be computed and collected.
  • 22. AUTHENTICATION, AUTHORIZATION AND AUDIT
    Plugins are lightweight programs running within the processes of each cluster component. They are responsible for:
    ‐ Authorization (using goSec ACLs).
    ‐ Audit of every request sent to the component.
    Currently plugins have been developed for: Crossdata, Sparta, Zookeeper, HDFS, Kafka, Elasticsearch.
  • 23. KEY MANAGEMENT SYSTEM
    ‐ It is good practice to manage secrets with a key management system instead of storing them locally.
    ‐ For this purpose Stratio DCS uses HashiCorp Vault.
  • 24-30. KEY MANAGEMENT SYSTEM: the secret of secrets
    ‐ Can applications obtain authentication tokens in a secure way?
    ‐ Where do applications save Vault's tokens?
    ‐ How are tokens protected (guarded)?
    ‐ How will I know if someone steals tokens?
    Animation build of the "First secret management" diagram (actors: Admin, Marathon, Mesos, Application); labels in the order they appear across slides 25 to 30:
    ‐ Admin → Marathon: one time secret
    ‐ Marathon → Mesos: Run Application, Env: one time secret
    ‐ Application → Vault: login (with the one time secret)
    ‐ Vault → Application: token <-> ACL
    ‐ Logs → Alert → Admin (slide 30)
  • 31. DATA PROCESSING ENGINE: SPARK
    ‐ Spark jobs need access to multiple data stores, so Spark needs to support the security of Stratio DCS.
    ‐ The Spark 2.x build has been modified by Stratio in order to:
      ‐ Access secrets that are stored in the KMS.
      ‐ Allow access to Kerberized HDFS.
      ‐ Allow access to PostgreSQL with TLS authentication.
      ‐ Allow access to Elasticsearch with TLS authentication.
      ‐ Allow access to Kafka with TLS authentication.
  • 32-37. PROTECT THE DATA - use case - (the same diagram is shown on slides 32 to 37)
    ‐ Zones: ADMIN NETWORK, PUBLIC NETWORK, PRIVATE NETWORK
    ‐ Components: GOSEC SSO, AUDIT, KAFKA, KMS, LDAP, KERBEROS, TABLEAU, MARATHON-LB, GOSEC MANAGEMENT, ZOOKEEPER, HDFS, ADMIN ROUTER, Admin
    ‐ Legend: Perimeter security; Authentication, Authorization, Audit; Ciphered communications
  • 38. MULTI-TENANCY CAPABILITIES: RESOURCE ISOLATION
    • Stratio DCS cluster resources (memory, disk, CPUs and port ranges) are managed by Mesos.
    • Mesos, Marathon and Metronome security can be activated after installation to limit the resources available to each framework.
    • Once activated, admins are able to:
      ‐ Reserve resources for a Mesos role.
      ‐ Grant each user/framework permission to perform actions such as registering frameworks, running tasks, reserving resources, creating volumes, etc.
      ‐ Guarantee a minimum set of resources to a specific Mesos role.
    Diagram: Mesos cluster with a MASTER running Marathon and agents AGENT 1 (role=slave_public), AGENT 2 (role=*), AGENT 3 (role=postgresql), AGENT 4 (role=*), AGENT 5 (role=*).
  • 39. MULTI-TENANCY CAPABILITIES: NETWORK ISOLATION
    • What about network isolation in a containerized world?
    • For this purpose Stratio DCS uses Project Calico.
  • 40. MULTI-TENANCY CAPABILITIES: NETWORK ISOLATION
    • Virtual network topologies can be created dynamically.
    • Virtual network topologies are managed through network policies.
    • Virtual networks cover every containerizer technology that Mesos supports.
    • Virtual networks have a negligible impact on big data performance.
    • Frameworks/apps are authorized into a network.
    • Frameworks/apps can be isolated in a virtual network.
    • Frameworks/apps get their IP addresses and ports per instance.
  • 41. Network Isolation: components (diagram)
  • 42. Network Isolation: virtual networks (diagram)
  • 43. Network Isolation: integration (diagram)
  • 44-48. PROTECT THE SERVICE - use case - (MESOS with CALICO & DOCKER ENGINE; one diagram, built up over five slides)
    Steps shown: Framework authentication; Check resources for the role; Authorization to launch tasks; Authorization to use the network; Audit (logs and Mesos API).
    Admin policy: at least 1 core and 1 GB to framework 1; net_2: deny from framework 1.
    Result: the user launches FRAMEWORK 1 and FRAMEWORK 2, which run as CONTAINER 1 and CONTAINER 2 in two virtual networks, NETWORK A (0.5 cores, 1 GB RAM) and NETWORK B (2 cores, 5 GB RAM).
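The authorization checks of slide 38 and of the use case above, as an added example in Python. This is not Mesos source and not Stratio code. The ACL document is written in the JSON format the Mesos master accepts on its `--acls` flag; the principals (`spark`, `pg`), roles and OS users are made up for the illustration. The evaluator is my model of the semantics documented for the Mesos local authorizer (the first ACL whose subject and object both match decides; an entity of type NONE matches every value but grants none, which is how a deny rule is written; when nothing matches, `permissive` decides), so that a policy can be unit-tested before it is pushed to a cluster.

```python
"""Added example: offline evaluation of a Mesos ACL document (model of the documented semantics, not Mesos code)."""
import json

# Constructed policy in the JSON format accepted by the Mesos master's --acls flag.
# permissive=false flips the default from "allow unless an ACL denies" to "deny unless an ACL allows".
ACLS_JSON = r"""
{
  "permissive": false,
  "register_frameworks": [
    {"principals": {"values": ["spark"]}, "roles": {"values": ["spark"]}},
    {"principals": {"values": ["pg"]},    "roles": {"values": ["postgresql"]}},
    {"principals": {"type": "ANY"},       "roles": {"type": "NONE"}}
  ],
  "run_tasks": [
    {"principals": {"type": "NONE"},            "users": {"values": ["root"]}},
    {"principals": {"values": ["spark", "pg"]}, "users": {"values": ["nobody", "postgres"]}}
  ],
  "reserve_resources": [
    {"principals": {"values": ["pg"]}, "roles": {"values": ["postgresql"]}}
  ],
  "create_volumes": [
    {"principals": {"values": ["pg"]}, "roles": {"values": ["postgresql"]}}
  ]
}
"""

# The object each action is checked against (the second field of its ACL entries).
OBJECT_FIELD = {
    "register_frameworks": "roles",
    "run_tasks": "users",
    "reserve_resources": "roles",
    "create_volumes": "roles",
}


def _matches(value, entity):
    """ANY and NONE both match every value; a plain entity matches only its listed values."""
    kind = entity.get("type", "SOME")
    return kind in ("ANY", "NONE") or value in entity.get("values", [])


def _allows(value, entity):
    """ANY grants everything, NONE grants nothing, a plain entity grants its listed values."""
    kind = entity.get("type", "SOME")
    if kind == "ANY":
        return True
    if kind == "NONE":
        return False
    return value in entity.get("values", [])


def authorized(acls, action, principal, obj):
    """First ACL whose subject and object both match decides; otherwise the permissive flag does."""
    field = OBJECT_FIELD[action]
    for acl in acls.get(action, []):
        if _matches(principal, acl["principals"]) and _matches(obj, acl[field]):
            return _allows(principal, acl["principals"]) and _allows(obj, acl[field])
    return acls.get("permissive", True)


def evaluate(acls_json=ACLS_JSON):
    """Answers the questions an admin wants settled before enabling the policy."""
    acls = json.loads(acls_json)
    permissive_variant = dict(acls, permissive=True)   # same rules, only the default changed
    return {
        "spark_registers_spark_role":  authorized(acls, "register_frameworks", "spark", "spark"),
        "spark_registers_pg_role":     authorized(acls, "register_frameworks", "spark", "postgresql"),
        "unknown_principal_registers": authorized(acls, "register_frameworks", "rogue", "spark"),
        "spark_runs_as_root":          authorized(acls, "run_tasks", "spark", "root"),
        "spark_runs_as_nobody":        authorized(acls, "run_tasks", "spark", "nobody"),
        "spark_reserves_pg_role":      authorized(acls, "reserve_resources", "spark", "postgresql"),
        "pg_creates_volume":           authorized(acls, "create_volumes", "pg", "postgresql"),
        # with permissive=true an action nobody wrote a rule for is silently allowed
        "spark_reserves_if_permissive": authorized(permissive_variant, "reserve_resources", "spark", "spark"),
    }


if __name__ == "__main__":
    for check, verdict in evaluate().items():
        print(f"{check:32s} {'ALLOW' if verdict else 'DENY'}")
```

The last entry is the point of `permissive: false`: with the default left at `true`, every action that has no matching ACL is allowed, so a role nobody thought to write a rule for is wide open. The minimum guarantee on slide 45 ("at least 1 core, 1 GB to framework 1") is the other half of the picture: ACLs decide who may ask for resources on a role, and a Mesos quota on that role (set through the master's /quota endpoint) decides what the role is guaranteed to get.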
  • 49. MULTI-DATA CENTER - a use case -

Editor's Notes

  1. So... thank you very much, I'm Carlos Gómez …
  2. Limitations: denial of service caused by high network traffic. Identity management. Secrets management. Challenges: distributed systems, dynamic systems, global integration of solutions.
  3-7. Authentication, Authorization and Audit. Secure communications. Secure data processing. Multi-tenant capabilities.
  8. We help meet the following requirements:
  INCIDENTS. Low: incident log (type, time of detection, person reporting it, effects and corrective measures); procedure for notifying and managing incidents. Medium: AUTOMATED FILES ONLY - record the recovery procedures, the person who executes them, the data restored and, where applicable, data entered manually; authorization from the file controller for data recovery.
  ACCESS CONTROL. Low: up-to-date list of users and authorized accesses; control of the accesses permitted to each user according to the functions assigned; mechanisms that prevent access to data or resources with rights other than those authorized; access permissions granted only by authorized personnel; the same conditions for external personnel with access to data resources. High: access log (user, time, file, type of access, authorized or denied); control of authorized accesses; identification of accesses to documents accessible by multiple users.
  IDENTIFICATION AND AUTHENTICATION. Low: personalized identification and authentication; procedure for assigning and distributing passwords; unintelligible storage of passwords; periodic password change (< 1 year). Medium: limit on repeated unauthorized access attempts.
  MEDIA MANAGEMENT. Low: inventory of media; identification of the type of information they contain, or a labelling system; restricted access to the storage location; authorization for media leaving the premises (including via email). Medium: log of incoming and outgoing media (document or medium, date, sender/recipient, number, type of information, method of sending, person authorized for receipt/delivery). High (NOT MET??): confidential labelling system; encryption of data when distributing media; encryption of information on portable devices outside the premises (avoid devices that do not allow encryption, or adopt alternative measures).
  BACKUPS. Low: weekly backup; procedures for generating backups and recovering data; six-monthly verification of the procedures; reconstruction of data from the latest copy, with manual re-entry where applicable if documentation allows it; tests with real data; backup and application of the corresponding security level. High (NOT MET??): backups and recovery procedures kept in a location other than where the equipment is.
  AUDIT. Report of detected deficiencies and proposed corrective measures.
  TELECOMMUNICATIONS. High (not met in every case, but met at the perimeter): transmission of data over encrypted electronic networks.
  9. Web: CAS Server with OAuth2 support. Its purpose is to let a user access multiple applications. It offers a consistent way to sign on to the different modules and tools that have a web interface. Services/Data Stores: authentication with Kerberos, or with mutual TLS when the technology does not support Kerberos.
  10. Applications/services need secrets: certificates, keytabs, passwords, tokens, API keys...
  11-17. Although secrets are centralized in the Stratio KMS (Vault), each application needs its own Vault authentication token. To manage these tokens dynamically, DCS uses the AppRole auth backend: each app is associated with a Vault AppRole; a third-party component hands a temporary secret to each framework; to obtain its secrets, the framework must log in to Vault with that temporary secret.
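The hand-off described in the note above, and the "access secrets stored in the KMS" item of slide 31, as an added, self-contained model in Python. This is not HashiCorp Vault, not its AppRole API and not Stratio code: it is an in-memory stand-in that keeps only the properties the flow relies on, a role_id that is static configuration, a secret_id that is short-lived and single-use, and a client token scoped to the role's policies. The policy name `spark-reader`, the secret paths (`secret/spark/hdfs`, `secret/postgres/tls`) and the secret values are made up for the illustration.

```python
"""Added example: in-memory model of the AppRole hand-off (not HashiCorp Vault, not Stratio code)."""
import secrets
import time


class ApproleVault:
    """Stand-in for a Vault server with the AppRole auth backend and a KV secret store."""

    def __init__(self, clock=time.time):
        self.clock = clock        # injectable so TTL expiry can be tested deterministically
        self._policies = {}       # policy name -> tuple of readable path prefixes
        self._roles = {}          # role_id -> {"policies", "secret_id_ttl", "secret_id_num_uses", "token_ttl"}
        self._secret_ids = {}     # secret_id -> {"role_id", "expires", "uses_left"}
        self._tokens = {}         # client token -> {"policies", "expires"}
        self._kv = {}             # secret path -> data

    # -- admin side: the operator writes policies, secrets and roles --
    def write_policy(self, name, path_prefixes):
        self._policies[name] = tuple(path_prefixes)

    def write_secret(self, path, data):
        self._kv[path] = dict(data)

    def create_role(self, policies, secret_id_ttl=60, secret_id_num_uses=1, token_ttl=300):
        """Returns the role_id: static, shipped in the app's configuration, useless without a secret_id."""
        role_id = secrets.token_hex(16)
        self._roles[role_id] = {"policies": tuple(policies), "secret_id_ttl": secret_id_ttl,
                                "secret_id_num_uses": secret_id_num_uses, "token_ttl": token_ttl}
        return role_id

    # -- launcher side: the component that starts a framework mints one secret_id per instance --
    def generate_secret_id(self, role_id):
        role = self._roles[role_id]
        secret_id = secrets.token_hex(16)
        self._secret_ids[secret_id] = {"role_id": role_id, "expires": self.clock() + role["secret_id_ttl"],
                                       "uses_left": role["secret_id_num_uses"]}
        return secret_id

    # -- framework side: log in once with the temporary secret, then read secrets with the token --
    def approle_login(self, role_id, secret_id):
        entry = self._secret_ids.get(secret_id)
        if entry is None or entry["role_id"] != role_id:
            raise PermissionError("unknown secret_id or wrong role_id")
        if self.clock() > entry["expires"]:
            del self._secret_ids[secret_id]
            raise PermissionError("secret_id expired")
        entry["uses_left"] -= 1
        if entry["uses_left"] <= 0:     # single use: a secret_id captured after boot is worthless
            del self._secret_ids[secret_id]
        role = self._roles[role_id]
        token = secrets.token_hex(16)
        self._tokens[token] = {"policies": role["policies"], "expires": self.clock() + role["token_ttl"]}
        return token

    def read_secret(self, token, path):
        tok = self._tokens.get(token)
        if tok is None or self.clock() > tok["expires"]:
            raise PermissionError("invalid or expired token")
        for policy in tok["policies"]:
            if any(path.startswith(prefix) for prefix in self._policies.get(policy, ())):
                return dict(self._kv[path])
        raise PermissionError(f"policies {tok['policies']} do not grant {path}")


def framework_bootstrap(vault, role_id, secret_id, paths):
    """What a Spark driver does at start-up: swap the temporary secret for a token, fetch its secrets."""
    token = vault.approle_login(role_id, secret_id)
    return {path: vault.read_secret(token, path) for path in paths}


def denied(fn, *args):
    """True if the call is refused, so the failure modes below are explicit."""
    try:
        fn(*args)
    except PermissionError:
        return True
    return False


def demo():
    """Walks the flow with a fake clock and returns the properties it must exhibit."""
    clock = {"t": 1000.0}
    vault = ApproleVault(clock=lambda: clock["t"])
    vault.write_policy("spark-reader", ["secret/spark/"])                   # made-up policy and paths
    vault.write_secret("secret/spark/hdfs", {"keytab_b64": "CONSTRUCTED-NOT-A-REAL-KEYTAB"})
    vault.write_secret("secret/postgres/tls", {"key_pem": "CONSTRUCTED-NOT-A-REAL-KEY"})
    spark_role = vault.create_role(["spark-reader"], secret_id_ttl=60, secret_id_num_uses=1)
    sid = vault.generate_secret_id(spark_role)
    fetched = framework_bootstrap(vault, spark_role, sid, ["secret/spark/hdfs"])
    results = {"got_keytab": fetched["secret/spark/hdfs"]["keytab_b64"].startswith("CONSTRUCTED"),
               "replay_denied": denied(vault.approle_login, spark_role, sid)}   # single use
    stale = vault.generate_secret_id(spark_role)
    clock["t"] += 120                                                         # past the 60 s secret_id TTL
    results["expired_denied"] = denied(vault.approle_login, spark_role, stale)
    token = vault.approle_login(spark_role, vault.generate_secret_id(spark_role))
    results["cross_app_denied"] = denied(vault.read_secret, token, "secret/postgres/tls")
    return results
```

The three denials are what the design buys: a secret_id that leaks through a process listing or a log after the framework has booted cannot be replayed, one that sits unused in a queue past its TTL cannot be redeemed, and a token obtained by one app cannot reach another app's secrets because the policies are bound to the role, not chosen by the caller.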
  18. Spark is the data processing engine in Stratio DCS.
  19-24. Use-case sequence: 1) Admin logs in. 2) Admin configures identities. 3) Admin configures secrets. 4) Admin configures authorization. 5) Crossdata requests HDFS secrets. 6) Crossdata establishes HDFS authentication. 7) User sends identity and requests data. 8) Crossdata requests the user's authorization. 9) Crossdata audits. 10) HDFS audits. 11) Response to user.
  25-29. Use-case sequence: 1) Admin manages resources. 2) Admin manages networks and policies. 3) Users launch frameworks. 4) Policy applied.
  30. Give Nacho a spoiler.
  31. This is our programme. You will be able to see information and updates + our schedule by scanning this QR code