A Whitepaper of Qubole that how it passionate about making data easily accessible for open data lake platforms while using Amazon AWS for our customer's data with proper security measures & compliance
https://www.qubole.com/resources/white-papers/qubole-on-amazon-aws-security-and-compliance
Qubole on AWS: Security and Compliance - White Paper | QuboleVasu S
A whitepaper is about the security strategies we use to protect customers information and provides specific details of how our security model works with Amazon Web Services (AWS).
https://www.qubole.com/resources/white-papers/aws-security-2018
This document discusses various features in MySQL and Percona Server that provide data encryption and security capabilities. It begins with an introduction to the speaker and Percona company. Then it covers topics like SSL, password management using plugins, OS/cloud security, audit plugins, tablespace and log encryption in Percona Server and MySQL 8. Transparent data encryption and new password hashing algorithms are also summarized.
This document summarizes an information management software called RightsWATCH. The summary includes:
1. RightsWATCH provides policy-driven classification and labeling of data to enforce access control policies. It can automatically classify existing and new data.
2. RightsWATCH helps prevent data loss and allows data sharing while upholding corporate policies. It does not require extra clicks or onboarding of external users.
3. RightsWATCH provides comprehensive audit trails for tracking data use and forensics analysis. When used with security information and event management tools, it allows for data analytics.
Azure 13 effective security controls for iso 27001 complianceErlinkencana
This document provides 13 security principles for designing secure solutions when using Microsoft Azure. The principles are aligned with ISO 27001 and are intended to help customers mitigate security risks early in their adoption of cloud computing. The principles cover key areas like identity and authentication, access controls, malware protection, encryption, logging and monitoring. Following the principles can help solutions meet compliance obligations like ISO 27001.
Whether you’re faced with constraints on your IT budget, fighting the ever changing threat landscapes, or are looking to improve efficiency of compliance and security initiatives, we understand that business requirements can vary, hence, CYBER-i's Managed Security Services are designed to be flexible and adaptable.
Threats are getting increasingly complicated while skills remain at a premium. Business imperatives like BYOD, social media, web applications and big data can pose risks as well as create inefficiencies if not properly managed. CYBER-i can help solve these challenges and close the gap – through OUTCOME BASED SERVICE OFFERING integrated technologies, unparalleled threat intelligence and highly flexible managed services designed to meet the unique demands of your business.
Know more about AGC Networks here: http://www.agcnetworks.com/in/en/cyber-i
The Enablement of an Identity-Centric SOC in the Regulatory Rumba EraLuca Martelli
Data, People and Software security: how does them relate to the GDPR security principles? In this new attack landscape, network-centric security is no longer enough because threats come from inside and outside the network. Oracle Identity SOC is an identity-centric, context-aware intelligence and automation framework for security operations centers, backed by advanced user behavior analytics and machine learning to spot compelling events that require automated remediation.
Richard Hogg & Dennis Waldron - #InfoGov17 - Cognitive Unified Governance & P...ARMA International
GDPR is Coming, May 25 2018 brings a whole new order of EU Personal Data Privacy and Protection rights, duties and obligations. What changes, what's your risk and how can you start to prepare?
How can a Unified Governance strategy and capabilities transform both your information governance program, and provide a framework for personal data?
How that strategy can leverage metadata to support and accelerate meeting regulatory issues.
The Qualys Cloud Platform and integrated suite of solutions enable organizations to simplify security operations and lower compliance costs by delivering continuous security insights and automating auditing and protection for IT systems and web applications from a centralized cloud-based platform. Easy-to-deploy sensors constantly gather data that is analyzed to identify vulnerabilities and ensure compliance with policies. The suite includes vulnerability management, compliance monitoring, web application scanning, and a web application firewall.
Qubole on AWS: Security and Compliance - White Paper | QuboleVasu S
A whitepaper is about the security strategies we use to protect customers information and provides specific details of how our security model works with Amazon Web Services (AWS).
https://www.qubole.com/resources/white-papers/aws-security-2018
This document discusses various features in MySQL and Percona Server that provide data encryption and security capabilities. It begins with an introduction to the speaker and Percona company. Then it covers topics like SSL, password management using plugins, OS/cloud security, audit plugins, tablespace and log encryption in Percona Server and MySQL 8. Transparent data encryption and new password hashing algorithms are also summarized.
This document summarizes an information management software called RightsWATCH. The summary includes:
1. RightsWATCH provides policy-driven classification and labeling of data to enforce access control policies. It can automatically classify existing and new data.
2. RightsWATCH helps prevent data loss and allows data sharing while upholding corporate policies. It does not require extra clicks or onboarding of external users.
3. RightsWATCH provides comprehensive audit trails for tracking data use and forensics analysis. When used with security information and event management tools, it allows for data analytics.
Azure 13 effective security controls for iso 27001 complianceErlinkencana
This document provides 13 security principles for designing secure solutions when using Microsoft Azure. The principles are aligned with ISO 27001 and are intended to help customers mitigate security risks early in their adoption of cloud computing. The principles cover key areas like identity and authentication, access controls, malware protection, encryption, logging and monitoring. Following the principles can help solutions meet compliance obligations like ISO 27001.
Whether you’re faced with constraints on your IT budget, fighting the ever changing threat landscapes, or are looking to improve efficiency of compliance and security initiatives, we understand that business requirements can vary, hence, CYBER-i's Managed Security Services are designed to be flexible and adaptable.
Threats are getting increasingly complicated while skills remain at a premium. Business imperatives like BYOD, social media, web applications and big data can pose risks as well as create inefficiencies if not properly managed. CYBER-i can help solve these challenges and close the gap – through OUTCOME BASED SERVICE OFFERING integrated technologies, unparalleled threat intelligence and highly flexible managed services designed to meet the unique demands of your business.
Know more about AGC Networks here: http://www.agcnetworks.com/in/en/cyber-i
The Enablement of an Identity-Centric SOC in the Regulatory Rumba EraLuca Martelli
Data, People and Software security: how does them relate to the GDPR security principles? In this new attack landscape, network-centric security is no longer enough because threats come from inside and outside the network. Oracle Identity SOC is an identity-centric, context-aware intelligence and automation framework for security operations centers, backed by advanced user behavior analytics and machine learning to spot compelling events that require automated remediation.
Richard Hogg & Dennis Waldron - #InfoGov17 - Cognitive Unified Governance & P...ARMA International
GDPR is Coming, May 25 2018 brings a whole new order of EU Personal Data Privacy and Protection rights, duties and obligations. What changes, what's your risk and how can you start to prepare?
How can a Unified Governance strategy and capabilities transform both your information governance program, and provide a framework for personal data?
How that strategy can leverage metadata to support and accelerate meeting regulatory issues.
The Qualys Cloud Platform and integrated suite of solutions enable organizations to simplify security operations and lower compliance costs by delivering continuous security insights and automating auditing and protection for IT systems and web applications from a centralized cloud-based platform. Easy-to-deploy sensors constantly gather data that is analyzed to identify vulnerabilities and ensure compliance with policies. The suite includes vulnerability management, compliance monitoring, web application scanning, and a web application firewall.
This document provides guidelines and information about conducting facility environmental audits. It discusses the purpose of internal audits to evaluate risk management and overall health of company processes. The document provides templates, checklists and tools to help with internal audits. It also discusses data privacy management, IT risk management, network security, and compliance with standards like ISO and regulations like HIPAA.
Buy OVHcloud account is an easy procedure that is completed within a handful of easy steps. To begin, go to the OVH website, and then select the cloud services you’re looking for.
Then, select the configuration you prefer and choose a plan that is based on the needs of your company. When you’ve chosen the plan you want, add it to your shopping cart and payment.
Elastic, DevSecOps, and the DOD software factoryElasticsearch
The Department of Defense (DoD) and many other organizations are moving towards Agile and infrastructure as code (IaC). This shift improves efficiency and provides more robust security, leading to capabilities such as continuous monitoring and shortened authorization to operate timeframes. Learn more about the DoD software factory and how Elastic fits in.
Free and open cloud security posture monitoringElasticsearch
As organizations migrate to the cloud, attackers have diversified to operate in cloud environments. Learn about the challenges faced by security teams in the cloud and why attacks against cloud environments often succeed. We’ll demonstrate how to ship event data from platforms like AWS, Okta, and Azure to the Elastic Stack, and how security teams can monitor attacker behavior using Elastic Security and Elastic’s free and open detection rules.
This document provides an overview of ZyLAB’s security and compliance commitments and information specific to ZyLAB-One, including detailed responses to the Cloud Security Alliance consensus questionnaire.
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWSAlert Logic
Clarke Rodgers (CISO, SCOR Velogica)'s presentation on SCOR's journey to SOC2/TYPE2 via AWS at the NYC Alert Logic Cloud Security Summit on June 14th, 2016.
EXL has developed a holistic solution to help organisations measure their data privacy compliance, monitor privacy risks and take concrete steps to risk mitigation, across a gamut of privacy laws including GDPR, CCPA, LGPD and others. Read more to find out how we are helping a multinational insurance broker implement a global privacy monitoring center of excellence.
https://www.exlservice.com/global-privacy-risk-monitoring-framework
The document summarizes key points from a presentation on cloud security standards. It discusses the benefits of standards in promoting interoperability and regulatory compliance. It analyzes the current landscape of standards, including specifications, advisory standards, and security frameworks. It also provides recommendations for 10 steps customers can take to evaluate a cloud provider's security, including ensuring governance and compliance, auditing processes, managing access controls, and assessing physical infrastructure security. The document recommends cloud security standards and certifications customers should expect providers to support.
This document summarizes a panel discussion on managing risks and security in the cloud environment. The panelists include professionals from accounting firms and cloud technology companies. They discuss assessing risks prior to moving to the cloud, such as legal and compliance considerations. After moving to the cloud, topics discussed include options for mitigating risks, ensuring risks are addressed, and best practices for resource monitoring and cost controls. The document provides biographies of the panelists and information on additional resources for cloud computing and the CITP certification.
Capgemini technology vision for Oracle Database SecurityJohan Louwers
Capgemini technology vision for Oracle Database Security. Providing an introduction to Oracle Security for the Database and how to work with Capgemini to protect companies and their data
Protecting your mission-critical data and applications in the cloud can best be accomplished through a joint effort between your organization and your cloud services provider (CSP).
RapidScale recognizes the need for compliance with the various laws and regulations across different industries. We have established our data encryption, protocols, and procedures to follow the top compliances and ensure that customer data remains secure and confidential.
The document provides information on cloud migration options for customers, including presentations on Microsoft Azure and Google Cloud. Key points include:
- Microsoft Azure and Google Cloud both offer secure, global cloud infrastructure with a variety of compute and platform services.
- Microsoft emphasizes its experience, single vendor approach, and ability to run solutions like SharePoint and SQL Server best on its cloud. Google highlights its large global infrastructure and 15+ years of cloud experience.
- The document provides security, pricing, resource, and demo information for customers to learn more about migrating workloads and applications to Microsoft Azure or Google Cloud.
How to determine a proper scope selection based on ISO 27001?PECB
Meeting Clause 4 - Context of the Organization "generic" requirements of ISO 27001 in order to determine a proper Documented Scope statement that meets business requirements and gives value to products and/or services.
Main points that have been covered are:
• Interested Parties
• Interfaces & Dependencies
• Legal / Regulatory & Contractual Obligations (Risk of Non-Compliance)
• Documented Scope Statement (including locations within Scope)
Presenter:
Mr. David Anders has worked more than 20+ years in the risk management field managing a broad spectrum of consulting services and product solutions. David has worked in the consulting field for 16 years and is the founder / CEO of SecuraStar, LLC, a niche ISO 27001 consulting firm in the United States and founder / CEO of ISMS Manager Software, LLC.
Link of the recorded session published on YouTube: https://youtu.be/hSaAvKgAC2c
The document summarizes key points from a presentation on latest developments in cloud security standards and privacy. It discusses the benefits of standards, outlines some current security standards and frameworks, and provides recommendations for cloud customers to evaluate a cloud service provider's security capabilities. The presentation emphasizes that customers should ensure cloud providers support relevant security standards to ensure governance, risk management and regulatory compliance.
1. The document introduces ControlCase, a provider of certification and compliance services that helps organizations achieve multiple certifications through a single audit process using common domains and evidence, reducing time and costs significantly.
2. Maintaining compliance with multiple standards like PCI, ISO, SOC 2, and HIPAA can be challenging due to differences in terminology, documentation needs, and assessment processes across standards.
3. ControlCase's single compliance framework approach streamlines compliance by using common definitions, documentation, tooling, assessments, and maintenance across all standards.
This document provides an overview of Google's approach to security and compliance for Google Apps products. It discusses Google's strong security culture, operational security practices, secure technology infrastructure, certifications, data access controls, and regulatory compliance measures. It also describes features that empower users and administrators to improve security and compliance.
O'Reilly ebook: Operationalizing the Data LakeVasu S
Best practices for building a cloud data lake operation—from people and tools to processes
https://www.qubole.com/resources/ebooks/ebook-operationalizing-the-data-lake
This document provides guidelines and information about conducting facility environmental audits. It discusses the purpose of internal audits to evaluate risk management and overall health of company processes. The document provides templates, checklists and tools to help with internal audits. It also discusses data privacy management, IT risk management, network security, and compliance with standards like ISO and regulations like HIPAA.
Buy OVHcloud account is an easy procedure that is completed within a handful of easy steps. To begin, go to the OVH website, and then select the cloud services you’re looking for.
Then, select the configuration you prefer and choose a plan that is based on the needs of your company. When you’ve chosen the plan you want, add it to your shopping cart and payment.
Elastic, DevSecOps, and the DOD software factoryElasticsearch
The Department of Defense (DoD) and many other organizations are moving towards Agile and infrastructure as code (IaC). This shift improves efficiency and provides more robust security, leading to capabilities such as continuous monitoring and shortened authorization to operate timeframes. Learn more about the DoD software factory and how Elastic fits in.
Free and open cloud security posture monitoringElasticsearch
As organizations migrate to the cloud, attackers have diversified to operate in cloud environments. Learn about the challenges faced by security teams in the cloud and why attacks against cloud environments often succeed. We’ll demonstrate how to ship event data from platforms like AWS, Okta, and Azure to the Elastic Stack, and how security teams can monitor attacker behavior using Elastic Security and Elastic’s free and open detection rules.
This document provides an overview of ZyLAB’s security and compliance commitments and information specific to ZyLAB-One, including detailed responses to the Cloud Security Alliance consensus questionnaire.
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWSAlert Logic
Clarke Rodgers (CISO, SCOR Velogica)'s presentation on SCOR's journey to SOC2/TYPE2 via AWS at the NYC Alert Logic Cloud Security Summit on June 14th, 2016.
EXL has developed a holistic solution to help organisations measure their data privacy compliance, monitor privacy risks and take concrete steps to risk mitigation, across a gamut of privacy laws including GDPR, CCPA, LGPD and others. Read more to find out how we are helping a multinational insurance broker implement a global privacy monitoring center of excellence.
https://www.exlservice.com/global-privacy-risk-monitoring-framework
The document summarizes key points from a presentation on cloud security standards. It discusses the benefits of standards in promoting interoperability and regulatory compliance. It analyzes the current landscape of standards, including specifications, advisory standards, and security frameworks. It also provides recommendations for 10 steps customers can take to evaluate a cloud provider's security, including ensuring governance and compliance, auditing processes, managing access controls, and assessing physical infrastructure security. The document recommends cloud security standards and certifications customers should expect providers to support.
This document summarizes a panel discussion on managing risks and security in the cloud environment. The panelists include professionals from accounting firms and cloud technology companies. They discuss assessing risks prior to moving to the cloud, such as legal and compliance considerations. After moving to the cloud, topics discussed include options for mitigating risks, ensuring risks are addressed, and best practices for resource monitoring and cost controls. The document provides biographies of the panelists and information on additional resources for cloud computing and the CITP certification.
Capgemini technology vision for Oracle Database SecurityJohan Louwers
Capgemini technology vision for Oracle Database Security. Providing an introduction to Oracle Security for the Database and how to work with Capgemini to protect companies and their data
Protecting your mission-critical data and applications in the cloud can best be accomplished through a joint effort between your organization and your cloud services provider (CSP).
RapidScale recognizes the need for compliance with the various laws and regulations across different industries. We have established our data encryption, protocols, and procedures to follow the top compliances and ensure that customer data remains secure and confidential.
The document provides information on cloud migration options for customers, including presentations on Microsoft Azure and Google Cloud. Key points include:
- Microsoft Azure and Google Cloud both offer secure, global cloud infrastructure with a variety of compute and platform services.
- Microsoft emphasizes its experience, single vendor approach, and ability to run solutions like SharePoint and SQL Server best on its cloud. Google highlights its large global infrastructure and 15+ years of cloud experience.
- The document provides security, pricing, resource, and demo information for customers to learn more about migrating workloads and applications to Microsoft Azure or Google Cloud.
How to determine a proper scope selection based on ISO 27001?PECB
Meeting Clause 4 - Context of the Organization "generic" requirements of ISO 27001 in order to determine a proper Documented Scope statement that meets business requirements and gives value to products and/or services.
Main points that have been covered are:
• Interested Parties
• Interfaces & Dependencies
• Legal / Regulatory & Contractual Obligations (Risk of Non-Compliance)
• Documented Scope Statement (including locations within Scope)
Presenter:
Mr. David Anders has worked more than 20+ years in the risk management field managing a broad spectrum of consulting services and product solutions. David has worked in the consulting field for 16 years and is the founder / CEO of SecuraStar, LLC, a niche ISO 27001 consulting firm in the United States and founder / CEO of ISMS Manager Software, LLC.
Link of the recorded session published on YouTube: https://youtu.be/hSaAvKgAC2c
The document summarizes key points from a presentation on latest developments in cloud security standards and privacy. It discusses the benefits of standards, outlines some current security standards and frameworks, and provides recommendations for cloud customers to evaluate a cloud service provider's security capabilities. The presentation emphasizes that customers should ensure cloud providers support relevant security standards to ensure governance, risk management and regulatory compliance.
1. The document introduces ControlCase, a provider of certification and compliance services that helps organizations achieve multiple certifications through a single audit process using common domains and evidence, reducing time and costs significantly.
2. Maintaining compliance with multiple standards like PCI, ISO, SOC 2, and HIPAA can be challenging due to differences in terminology, documentation needs, and assessment processes across standards.
3. ControlCase's single compliance framework approach streamlines compliance by using common definitions, documentation, tooling, assessments, and maintenance across all standards.
This document provides an overview of Google's approach to security and compliance for Google Apps products. It discusses Google's strong security culture, operational security practices, secure technology infrastructure, certifications, data access controls, and regulatory compliance measures. It also describes features that empower users and administrators to improve security and compliance.
O'Reilly ebook: Operationalizing the Data LakeVasu S
Best practices for building a cloud data lake operation—from people and tools to processes
https://www.qubole.com/resources/ebooks/ebook-operationalizing-the-data-lake
O'Reilly ebook: Machine Learning at Enterprise Scale | QuboleVasu S
Real-world data science practitioners offer perspectives and advice on six common Machine Learning problems
https://www.qubole.com/resources/ebooks/oreilly-ebook-machine-learning-at-enterprise-scale
Ebooks - Accelerating Time to Value of Big Data of Apache Spark | QuboleVasu S
This ebook deep dives into Apache Spark optimizations that improve performance, reduce costs and deliver unmatched scale
https://www.qubole.com/resources/ebooks/accelerating-time-to-value-of-big-data-of-apache-spark
O'Reilly eBook: Creating a Data-Driven Enterprise in Media | eubolrVasu S
An O'Reilly eBook about Creating a Data-Driven Enterprise in Media DataOps Insights from Comcast, Sling TV, and Turner Broadcasting.
https://www.qubole.com/resources/ebooks/ebook-creating-a-data-driven-enterprise-in-media
Case Study - Spotad: Rebuilding And Optimizing Real-Time Mobile Adverting Bid...Vasu S
Find out how Qubole helped Spotad, Inc's mobile advertising platform, save 50 percent in its operating costs almost instantly after their migration.
https://www.qubole.com/resources/case-study/spotad
Case Study - Oracle Uses Heterogenous Cluster To Achieve Cost Effectiveness |...Vasu S
Oracle Data Cloud uses 82 clusters with Qubole, including 12 Hadoop1, 28 Hadoop2, and 41 Spark clusters. They configured 25 Hadoop2 and 14 Spark clusters with heterogeneous nodes to reduce costs from rising EC2 prices and spot market volatility. Since switching to heterogeneous clusters 6 months ago, Oracle's costs have decreased or remained steady despite increased usage.
Case Study - Ibotta Builds A Self-Service Data Lake To Enable Business Growth...Vasu S
Read a case study that how Ibotta cut costs thanks to Qubole’s autoscaling and downscaling capabilities, and the ability to isolate workloads to separate clusters
https://www.qubole.com/resources/case-study/ibotta
Case Study - Wikia Provides Federated Access To Data And Business Critical In...Vasu S
A case study of Wikia, that migrated its big data infrastructure and workloads to the cloud in a few months with Qubole and completely eliminated the overhead needed to manage its data platform.
https://www.qubole.com/resources/case-study/wikia
Case Study - Komli Media Improves Utilization With Premium Big Data Platform ...Vasu S
A case study of Komli, that has seen big improvements in data processing, lower total cost of ownership, faster performance and unlimited scale at a lower cost with Qubole.
https://www.qubole.com/resources/case-study/komli-media
Case Study - Malaysia Airlines Uses Qubole To Enhance Their Customer Experien...Vasu S
Malaysia Airlines faced increasing pressure to cut costs and improve profitability. They realized departments were hampered by a lack of data availability, as IT required 48 hours on average to access data. Malaysia Airlines migrated to Microsoft Azure and used Qubole to increase data processing capabilities and reduce data ingestion time by over 90%, allowing customer data to be accessed within 20 minutes rather than 6 hours. This near real-time data access enabled dynamic pricing and improved the customer experience.
Case Study - AgilOne: Machine Learning At Enterprise Scale | QuboleVasu S
A case study about Agilone,partnered with Qubole to better automate the provision of machine learning data-processing resources based on workload with jobs, and automating cluster management.
https://www.qubole.com/resources/case-study/agilone
Case Study - DataXu Uses Qubole To Make Big Data Cloud Querying, Highly Avail...Vasu S
DataXu uses Qubole Data Platform to automate and manage on-premise deployments, provision clusters, maintain Hadoop distributions, and upkeep Adhoc clusters with Qubole's Hive as a service.
https://www.qubole.com/resources/case-study/dataxu
How To Scale New Products With A Data Lake Using Qubole - Case StudyVasu S
Read the case study of Tivo, that how Qubole helped TiVo make viewership, purchasing behavior, and location-based consumer data easily available for its network and advertising partners.
https://www.qubole.com/resources/case-study/tivo
Big Data Trends and Challenges Report - WhitepaperVasu S
In this whitepaper read How companies address common big data trends & challenges to gain greater value from their data.
https://www.qubole.com/resources/report/big-data-trends-and-challenges-report
Qubole is a cloud-native data platform that includes a native connector for Tableau to enable business intelligence and visual analytics on any cloud data lake with any file format. The Qubole connector delivers fast query response times for Tableau users through Presto on Qubole, while automatically managing cloud infrastructure based on user demand to prevent performance impacts or resource competition for simultaneous users. Tableau customers have flexibility to query unstructured or semi-structured data on any data lake, leveraging Presto's high performance without changing their normal workflow.
The Open Data Lake Platform Brief - Data Sheets | WhitepaperVasu S
An open data lake platform provides a robust and future-proof data management paradigm to support a wide range of data processing needs, including data exploration, ad-hoc analytics, streaming analytics, and machine learning.
What is an Open Data Lake? - Data Sheets | WhitepaperVasu S
A data lake, where data is stored in an open format and accessed through open standards-based interfaces, is defined as an Open Data Lake.
https://www.qubole.com/resources/data-sheets/what-is-an-open-data-lake
Qubole Pipeline Services - A Complete Stream Processing Service - Data SheetsVasu S
A Data Sheet about Qubole Pipeline Service to manage streaming ETL pipelines with zero overhead of installation, Integration with Maintenance.
https://www.qubole.com/resources/data-sheets/qubole-pipeline-services
Qubole GDPR Security and Compliance Whitepaper Vasu S
A Whitepaper is about How Qubole can help with GDPR compliance & regulatory needs by using our domain knowledge and best practices to help you meet the GDPR.
https://www.qubole.com/resources/white-papers/qubole-gdpr-security-and-compliance-whitepaper
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
Project Management Semester Long Project - Acuityjpupo2018
Acuity is an innovative learning app designed to transform the way you engage with knowledge. Powered by AI technology, Acuity takes complex topics and distills them into concise, interactive summaries that are easy to read & understand. Whether you're exploring the depths of quantum mechanics or seeking insight into historical events, Acuity provides the key information you need without the burden of lengthy texts.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Webinar: Designing a schema for a Data WarehouseFederico Razzoli
Are you new to data warehouses (DWH)? Do you need to check whether your data warehouse follows the best practices for a good design? In both cases, this webinar is for you.
A data warehouse is a central relational database that contains all measurements about a business or an organisation. This data comes from a variety of heterogeneous data sources, which includes databases of any type that back the applications used by the company, data files exported by some applications, or APIs provided by internal or external services.
But designing a data warehouse correctly is a hard task, which requires gathering information about the business processes that need to be analysed in the first place. These processes must be translated into so-called star schemas, which means, denormalised databases where each table represents a dimension or facts.
We will discuss these topics:
- How to gather information about a business;
- Understanding dictionaries and how to identify business entities;
- Dimensions and facts;
- Setting a table granularity;
- Types of facts;
- Types of dimensions;
- Snowflakes and how to avoid them;
- Expanding existing dimensions and facts.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
3. 3
White Paper
TABLE OF CONTENTS
INTRODUCTION 5
ORGANIZATIONAL SECURITY—OUR PHILOSOPHY 5
Personnel Security 5
Security And Privacy Training 5
QUBOLE’S SECURITY PROFESSIONALS 6
Application Security 6
Product Security 6
Security Operations 6
CSIRT 6
Risk and Compliance 7
Policies And Standards 7
AUDITS, COMPLIANCE AND 3RD-PARTY ASSESSMENTS 8
Cloud Security Alliance 8
AICPA Service Organization Controls 2 Type 2 (SOC2) 8
Privacy Shield 8
GDPR and CCPA 8
HIPAA Compliance 9
ISO-27001 9
Penetration Testing 9
DESIGN SECURITY 10
PROTECTING CUSTOMER DATA 10
Data Encryption 10
Data in Transit 10
Data at Rest 11
Data Privacy and Data Integrity 11
Customer-Supplied Keys 12
4. 4
White Paper
TABLE OF CONTENTS
PLATFORM SECURITY 11
Firewalling via Security Groups 11
Security Event and Incident Management 11
Intrusion Detection 11
File Integrity 12
Vulnerability Scanning and Detection 12
+DUGHQHG%DVHOLQHVDQGRQȴJXUDWLRQ6WDQGDUGV
Authentication 12
System Monitoring, Logging, And Alerts 13
Controlling Change 13
Preventing and Detecting Malicious Code 13
Server Hardening 13
Disaster Recovery and Business Continuity 13
3rd-Party Suppliers 13
QUBOLE ON AMAZON AWS 14
'HȴQLQJRXU6HFXULW2SWLRQVLQ$:6
Hive Authorization in AWS—Improving Enterprise-level Security and Data Governance in the Cloud 14
Creating an Account and Authorizing Users 14
Single Sign-On 14
OAuth 15
SAML 15
Active Directory Federated Service (ADFS) 15
Accessing Data Securely 15
How IAM Roles Work To Manage Secure Access And Authorization 16
Per-User API Tokens 16
CONCLUSION 17
Learn More 17
5. 5
White Paper
INTRODUCTION
Personnel Security
Qubole’s personnel practices apply to all members of
our workforce —regular employees and contractors—
who have access to information systems. All Qubolers
are required to understand and follow internal policies
and standards. Before gaining initial access to systems,
rigorous background screening, and attend annual
security training. Upon termination, all access to our
systems is immediately blocked.
ORGANIZATIONAL SECURITY—OUR
PHILOSOPHY
Security And Privacy Training
During their tenure, all members of our workforce are
required to complete a privacy and security training
refresh at least annually. These courses cover privacy
and security topics, including device security, acceptable
use, preventing malware, physical security, data privacy,
account management, and incident reporting. Qubolers
are also required, on an annual basis, to acknowledge
that they’ve read and will follow Qubole’s information
security policies.
Certain professionals, such as engineers, operators, and
support personnel who may have elevated access to
on privacy and security. Qubolers are also required to
report security and privacy issues to appropriate internal
teams and are informed that failure to comply with
acknowledged policies may result in consequences up
to, and including, termination.
As the leading open data lake platform, Qubole™ is passionate about making data easily accessible for ad-hoc analytics,
streaming analytics and machine learning. Whether they’re using Amazon Web Services, Google Compute, Microsoft
Azure or Oracle Cloud, our customers process nearly an exabyte of data every month and we know that guarding
customer data, enforcing proper security measures, regulatory compliance, and overall trust are essential to your
success. This paper discusses the security strategies we use to protect your information and provides specific details of
how our security model works with Amazon Web Services (AWS).
We believe that availability, security, governance and privacy are essential elements of the Qubole Open Data Lake
Platform. As such, security is integral to our culture and our on-going mission. Security awareness at Qubole far exceeds
the minimal standards required by auditors and compliance organizations and is incorporated in all aspects of our
business model—from product design and development, to day-to-day corporate operations, we are constantly building
and improving our robust organizational security programs.
7. ZKRIXQFWLRQVDVWKHRUJDQL]DWLRQȇVWRSH[HFXWLYHUHVSRQVLEOHIRUVHFXULW
compliance, and privacy. Our CSO serves as the company’s business leader responsible for developing, implementing,
and managing the organization’s corporate security vision, strategy, and programs.
The CSO is supported by the other members of Qubole’s Security Team, which currently consists of security
professionals with more than 75-years of combined privacy experience. This team focuses on Product Security, Security
Operations, Computer Security Incident Response, Risk, and Compliance. Together, they divide responsibilities for key
aspects of our security program including:
QUBOLE’S SECURITY PROFESSIONALS
Application Security
ȏ Secure development practices and standards
ȏ Ensure security risk assessments
ȏ Design and code review services for detecting
DQGUHPRYLQJFRPPRQVHFXULWȵDZV
ȏ Developers are trained and understand secure
coding practices and data privacy
ȏ Developers understand risk issues
Product Security
ȏ 'HVLJQɌȃɌ*XLGHGHYHORSPHQWEUHYLHZLQJWKH
GHVLJQ7KLVLVWKHEHVWVWDJHWRȴQGDFRQFHUQ
before it ever becomes code.
ȏ %XLOGɌȃɌRGHH[LVWVEXWLWLVLQȵX[)LQGLQJDQG
ȴ[LQJLQGLYLGXDOLVVXHVLQWKHFRGHWKURXJK
advice and awareness. The product security
team serves as consultants to engineering,
answering questions like “is this secure?” or “how
should I write this?” and proactive outreach.
ȏ 6KLSɌȃɌ$WKRURXJKUHYLHZEWKHSURGXFWVHFXULW
team, if appropriate before launch. Our product
security team holds itself to an SLA and we work
hard to keep launches on track.
ȏ /LYHɌȃɌ6RIWZDUHVSHQGVPRVWRILWVOLIHWLPHLQ
WKLVVWDJHVRRXUVHFXULWHRUWVGRQȇWVWRSDW
launch.
Security Operations
ȏ Build and operate security-critical infrastructure
including Qubole’s public key infrastructure,
event monitoring, and authentication services
ȏ Maintain a secure archive of access privilege logs
ȏ Consult with operations personnel to ensure
WKHVHFXUHFRQȴJXUDWLRQDQGPDLQWHQDQFHRI
Qubole’s production environment
CSIRT
ȏ Respond to alerts related to security events on
Qubole systems
ȏ Manage security incidents
ȏ Acquire and analyse threat intelligence
8. 7
White Paper
Risk and Compliance
ȏ Coordinate penetration testing
ȏ Manage vulnerability scanning and remediation
ȏ RRUGLQDWHUHJXODUULVNDVVHVVPHQWVDQGGHȴQH
and track risk treatment
ȏ Manage the security awareness program
ȏ Coordinate audits and maintain security
FHUWLȴFDWLRQV
ȏ Respond to customer inquiries
ȏ Review and qualify vendor security posture
All members of Qubole’s Security Team are active
participants in the larger information security community
to improve the overall state of the art of information
security and to maintain their own expertise.
Policies And Standards
Qubole maintains a set of policies, standards, procedures
and guidelines (“security documents”) that provide our
workforce with the “rules of the road.” Our security
documents help ensure that Qubole customers can rely
on us to behave ethically and for our service to operate
securely. Security documents include, but are not limited
to:
ȏ Fair, ethical, and legal standards of business
conduct and acceptable use of systems
ȏ ODVVLȴFDWLRQODEHOOLQJDQGKDQGOLQJUXOHVIRUDOO
types of information assets
ȏ 3UDFWLFHVIRUZRUNHULGHQWLȴFDWLRQ
authentication, and authorization for access
to system data and secure development,
DFTXLVLWLRQFRQȴJXUDWLRQDQGPDLQWHQDQFHRI
systems
ȏ Workforce requirements for transitions, training,
and compliance with ISMS policies
ȏ Use of encryption including requirements for
when and where to use it
ȏ Description, schedule, and requirements for
retention of security records and planning for
business continuity and disaster recovery
ȏ ODVVLȴFDWLRQDQGPDQDJHPHQWRIVHFXULW
incidents and change control
ȏ Regular use of security assessments such as risk
assessments, audits, and penetration tests
9. 8
White Paper
Qubole evaluates the design and operation of its overall ISMS for compliance with internal and external standards. We
engage credentialed assessors to perform external audits at least once per year including the following organizations.
AUDITS, COMPLIANCE AND 3RD-PARTY
ASSESSMENTS
Cloud Security Alliance
Qubole has completed the Consensus Assessment
Initiative Questionnaire (CAIQ). This program outlines
more than 200 questions relating to cloud services,
and privacy. A copy of this document is available from
your account manager or account executive. The current
Cloud Security Alliance CAIQ is free to download and can
be found here.To learn more about Qubole’s responses
to the CAIQ, please reach out to Qubole Sales.
AICPA Service Organization Controls 2
Type 2 (SOC2)
Qubole has successfully completed the SOC 2 Type II
examination. The report generated from this extensive
evaluation was conducted by an American Institute of
meets stringent guidelines for data security.
SOC 2 reports are designed to provide information
and assurances that the service delivery processes and
controls used by a SaaS provider meet certain high
and availability. There are two types of SOC 2 reports:
Type I and Type II. We opted for the much more
rigorous Type II report because security is of the utmost
importance to us and to our many clients who entrust us
to power their big data in the cloud initiatives. You can
here.
Privacy Shield
Qubole has engaged with TrustArc (formerly TRUSTe) to
complete and attest to compliance with the US Privacy
Shield regulation around privacy and transfer of EU
Personal Data to the United States.
GDPR and CCPA
.
The General Data Protection Regulation (GDPR) and the
California Consumer Protection Act (CCPA) are new Data
Privacy legislations to provide consumers the right to act on
their personal data collected by 3rd parties. These
regulations outline the importance of data subject’s rights to
Qubole fully supports the GDPR and CCPA as an
opportunity to deepen its commitment to data protection.
Qubole also complies with the GDPR and CCPA in the
delivery of our service to customers and is fully prepared to
handle the intricacies of the areas related to GDPR and
CCPA legislation. Qubole will also continue to enhance data
protection and compliance in the following areas:
1. Accountability, policies, and procedures
2. Compliance and risk activities
3. Implementing additional security measures
4.
Qubole has partnered with a 3rd party to continue to align
innovation in big data to meet the exacting requirements of
the GDPR. In addition, Qubole has created a Data
Processing Addendum as an attachment to its Master
Services Agreement. This document supports our
commitment to this important legislation and is available
through your sales representative.
10. 9
White Paper
HIPAA Compliance
Qubole has attested through a 3rd party auditor to being
45 CFR Part 164, Subpart C compliant. This includes
Administrative, Technical and Physical safeguards as well
as organizational requirements.
ISO-27001
Audit results are shared with senior management and all
Penetration Testing
Qubole engages independent entities to conduct
regular application and infrastructure-level penetration
tests. Results of these tests are shared with senior
management. Qubole’s Security Team reviews and
to resolution. Qubole will share a summary of the most
recently performed tests under non-disclosure upon
request; please reach out to your Qubole account
representative. Customers wishing to conduct their
own penetration test of Qubole’s system can contact
their account representative regarding authorization
to perform this test. Qubole aligns our penetration test
against OWASP Top Ten. In summary, some of the areas
covered are listed below:
A1. Injection Flaws—Qubole not only evaluates
also uses Static Code Analysis Testing during
development.
A2. Broken Authentication—Qubole uses
mechanisms to strengthen and securely
store passwords, secrets and tokens.
A6. —Qubole
removes default components including
disables default services and hardens the
baseline of compute systems.
A7. Cross Site Scripting (XSS)—Qubole
evaluates the three primary types of XSS and
has libraries in place in code to sanitize and
prevent exploitation.
A10. —
Qubole centrally logs all critical system and
application logs. Qubole also has built-in
anomaly detection for questionable events
and actions and monitors for abuse and
attacks through log analytics.
Qubole believes that compliance must be built
throughout the Open Data Lake Platform and, as such,
our processes, procedures, controls, operations and
activities align with the ISO-27001 standards and are
reflected in our policies and other attestation and
certification work. Qubole will certify ISO-27001 within the
next twelve months.
11. 10
White Paper
DESIGN SECURITY
Qubole assesses the security risk of each software
development project according to our Secure
Development Lifecycle. Before completion of the design
phase, we undertake an assessment to qualify the
security risk of the software changes introduced. This
risk analysis leverages both the OWASP Top 10 and
the experience of Qubole’s Product Security team to
categorize every project as High, Medium, or Low risk.
PROTECTING CUSTOMER DATA
The focus of Qubole’s security program is to prevent unauthorized access to customer data. To this end, our team of
dedicated security practitioners, working in partnership with peers across all our teams, take exhaustive steps to identify
and mitigate risks, implement best practices, and constantly evaluate ways to improve our security measures.
Based on this analysis, Qubole creates a set of
requirements that must be met before the resulting
change may be released to production. All code is
checked into a version-controlled repository. Code
changes are subject to peer review and continuous
integration testing. Qubole’s Security Team also operates
continuous automated static analysis using advanced
process are reviewed and followed to resolution by the
Security Team.
Data Encryption
Qubole supports end-to-end encryption throughout
only those users and entities with proper permissions
can access data. Note: Encryption could impact
Open Data Lake performance.
Data in Transit
Qubole transmits data that travels over public networks
using strong encryption. This includes data transmitted
between Qubole clients and the service. Qubole
supports the latest recommended secure cipher suites
Layer Security (TLS) v1.2 (sometimes referred to as SSL or
HTTPS) for communication between customer browsers
and clients, REST API endpoints and Qubole services.
Qubole has enabled this by default.
Qubole also monitors the changing cryptographic
landscape and upgrades the cipher suite choices as the
landscape changes, while also balancing the need for
compatibility with older browsers and endpoints.
12. 11
White Paper
Data at Rest
encryption when copying data to process to slaves and
reporting results to the master node through the Qubole
UI. This feature is located the Control Panel inside of the
drop-down
menu.
Qubole also supports AWS S3 Server-Side Encryption,
when enabled. This ensures that when data is written to
S3, the data will immediately be encrypted on disk. This
customer’s account and is granted to Qubole via the IAM
role in AWS. Refer to the documentation
Data Privacy and Data Integrity
Qubole ACID and Apache Ranger address distinct
requirements of granular data access control and
granular delete/merge/update respectively. Qubole
supports ACID and Apache Ranger across multiple open
source data processing engines, such as Apache Spark,
Presto, or Hive and multiple clouds. Enterprises can now
implement a centralized policy definition and
management across engines and clouds without required
technical expertise for each engine and public cloud
provider. With Qubole’s role-based access control (RBAC)
integrations with Active Directory, LDAP, SAML2.0,
organizations can leverage their existing RBAC solutions
to manage user access to data lakes. Regarding data
integrity supported via Qubole ACID, users can make
inserts, updates, and deletes on transactional Hive
Tables—defined over files in a data lake via Apache
Hive—and query the same via Apache Spark or Presto.
Qubole ACID also supports writes via Spark. Qubole
writes only to changed rows, thus providing faster
rewrites, updates, and deletes. It is most efficient and
performant with built-in write and read optimizations
here.
PLATFORM SECURITY
Firewalling via Security Groups
Qubole applies strict security measures when creating
and maintaining customer clusters. Qubole dynamically
creates security groups around clusters and creates
access keys to clusters and dynamically encrypts
ephemeral storage with one-time use keys that are
destroyed on cluster terminate and are never stored.
This is enforced (at a minimum) with secure permissions
granting access from the Qubole Orchestration Tier to
the Data Plane which resides in the customer’s AWS
account. All communication between the Orchestration
Plane and the Data Plane is encrypted.
Security Event and Incident
Management
Qubole maintains a Security Event and Incident
Management System (SEIM) which is a central platform
where alerts from a variety of sources are forwarded for
review. In the event an event exceeds a given threshold,
the event is forwarded to an on-call engineer for
evaluation and escalation.
Intrusion Detection
Qubole deploys a log and kernel-based intrusion
detection system that captures system changes,
spurious behaviour on instances within the Qubole
Orchestration Tier. When there is an unusual event
detected in system or audit logs or in commands
issued or series of unusual events, alarms are triggered
in accordance with industry best practices and are
forwarded to the SEIM or to an on-call engineer.
Qubole supports customer-supplied and operated
Intrusion Detection (IDS) or Intrusion Prevention (IPS)
services within the customer account via bootstrapping.
Your solutions architect can explain how this works and
here.
13. 12
White Paper
File Integrity
service that detects changes and acts as a defence
against system compromise, malicious behaviour, and
instances within the Qubole Orchestration Tier such as
changes to critical logs, Qubole application code, SetUID
detected, an alert is forwarded to the Qubole SEIM.
Vulnerability Scanning and Detection
Qubole externally and internally scans systems to
determine if there are any application or system-
who work around-the-clock to remediate these risks.
Vulnerability detection is used to identify known software
vulnerabilities in the packages, applications, operating
Standards
Qubole evaluates the baseline of systems deployed in the
Qubole Orchestration Tier using the Center for Internet
Security (CIS) benchmarks. These benchmarks cover not
restrictions around permissions, logs, system binaries.
This benchmark covers more than 150 discrete changes
and is applied to all instances deployed to both the
Qubole Orchestration Tier as well as instances launched
in customer accounts via the Qubole Data Plane Amazon
Machine Instance (AMI).
Authentication
To further reduce the risk of unauthorized data
access, Qubole employs multi-factor authentication
for all administrative access to systems with
more highly sensitive and regulated data. Where
possible and appropriate, Qubole uses unique
private keys for authentication. For example, at this
time, administrative access to production servers
requires operators to connect using both SSH and
a one-time password associated with a device-
Where passwords are used, multi-factor
authentication is enabled for access to sensitive
and regulated data. Passwords are required to be
complex. System passwords are auto-generated
to ensure uniqueness. These system passwords
and accounts must have passwords longer than 20
characters and cannot consist of a single dictionary
word (among other requirements). Qubole
requires personnel to use an approved password
manager. Password managers generate, store and
enter unique and complex passwords. Using a
password manager helps avoid password re-use,
phishing, and other behaviours that can reduce
security.
Customer-Supplied Keys
Qubole also supports Amazon AWS Key Management
Service (KMS). This service stores keys in a shared
Hardware Security Module (HSM) dedicated to
encryption key storage. For more information on how to
documentation.
systems, databases, and services used in Qubole Open
Data Lake Platform. These scans are configured to run
weekly and are remediated based on severity.
14. 13
White Paper
System Monitoring, Logging, And
Alerts
Qubole monitors servers and workstations to retain and
analyse a comprehensive view of the security state of its
corporate and production infrastructure. Administrative
access, use of privileged commands, and system calls on
all servers in Qubole’s production network are logged.
Qubole’s Security Team collects and stores production
logs for analysis. Logs are stored in a separate network.
Access to this network is restricted to members of the
6HFXULW7HDP/RJVDUHSURWHFWHGIURPPRGLȴFDWLRQ
and retained for two years. Log analysis is automated to
the extent practical to detect potential issues and alert
responsible personnel. Alerts are examined and resolved
based on documented priority.
We take a variety of steps to combat the introduction
of malicious or erroneous code to our operating
environment and protect against unauthorized access.
Controlling Change
To minimize the risk of data exposure, Qubole controls
changes, especially changes to production systems, very
carefully. Qubole applies change control requirements
to systems that store data at higher levels of sensitivity.
These requirements are designed to ensure that
changes potentially impacting Customer Data are
documented, tested, and approved before deployment.
Preventing and Detecting Malicious
Code
In addition to general change control procedures that
apply to our systems, Qubole production network is
subject to additional safeguards against malware.
Server Hardening
New servers deployed to production are hardened by
disabling unneeded and potentially insecure services,
removing default passwords, and applying Qubole’s
FXVWRPFRQȴJXUDWLRQVHWWLQJVWRHDFKVHUYHUEHIRUHXVH
Disaster Recovery and Business
Continuity
Qubole uses services provided by its cloud provider
to distribute its production operation across multiple
physical locations. These locations are within one
geographic region, but protect Qubole service from loss
of connectivity, power infrastructure, and other common
ORFDWLRQVSHFLȴFIDLOXUHV3URGXFWLRQWUDQVDFWLRQVDUH
replicated among these discrete operating environments,
to protect the availability of Qubole service in the event
RIDORFDWLRQVSHFLȴFFDWDVWURSKLFHYHQW4XEROHDOVR
retains a full backup copy of production data in a remote
location more than 2500 mile from the location of the
primary operating environment. Full backups are saved
to this remote location once per day and transactions
are saved continuously. Qubole tests backups at least
quarterly to ensure they can be correctly restored.
3rd-Party Suppliers
7RUXQLWVEXVLQHVVHɝFLHQWO4XEROHUHOLHVRQVXE
service organizations. Where those sub-service
organizations may impact the security of Qubole
production environment, Qubole takes appropriate
steps to ensure its security posture is maintained.
Qubole establishes agreements that require service
RUJDQL]DWLRQVDGKHUHWRFRQȴGHQWLDOLWFRPPLWPHQWV
Qubole has made to its users. Qubole monitors the
HHFWLYHRSHUDWLRQRIWKHRUJDQL]DWLRQȇVVDIHJXDUGVE
conducting reviews of its service organization controls
before use and at least annually.
15. 14
White Paper
QUBOLE ON AMAZON AWS
AWS
Setting up a Qubole account and leveraging AWS security
features is a simple process and provides virtually
Whitelisting and granular access controls and, while it is
Qubole support is always available to assist you.
Enterprise Ready
OAuth 2.0 SAML v2 ADFS
Hive Authorization in AWS—
Improving Enterprise-level Security
and Data Governance in the Cloud
AWS storage authorization with Hive authorization. This
improves usability for both cloud-storage administrators
and data administrators, while eliminating errors that
arise from end-user authorization problems. This is
an important milestone on the way to Qubole’s goal
of building a secure, enterprise-level cloud platform.
level checks at query compile time, and consequently
information about Qubole Open Data Lake Platform
and Hive, please see: Security Model Authorization
Creating an Account and Authorizing
Users
To create a Qubole account, visit Qubole and click the
sign-up link in the lower left-hand corner. For security
your account.
Single Sign-On
Qubole supports all industry-standard authentication and authorization protocols including OAuth 2.0, SAML 2.0 and
ADFS. You can also use the Qubole user management features to administer your Qubole users. To locate this feature
in Qubole, navigate to Control Panel Manage Users.
Natively designed for AWS and tightly integrated with its
storage, compute, and other key architectural elements,
running Qubole - Open Data Lake Platform on AWS
provides unparalleled enterprise-level security and data
governance. Account provisioning is straightforward and,
unlike other big data as-a-service providers, Qubole
does not charge you to setup enterprise authentication
and authorization that supports all your business needs.
16. 15
White Paper
OAuth
with Qubole. OAuth extends a token validated against
another form of authorization like Google. Qubole
supports Google OAuth 2.0, Microsoft OAuth 2.0. To use
here for more detailed
setup instructions.
SAML
Security Assertion Markup Language (SAML) is an
enterprise authentication and authorization schema that
provides for centralized authentication and provisioning
of users from a secondary source that can be controlled
by the enterprise. SAML is an open, XML-based standard
including Okta, OneLogin, Ping Identity and others who
support SAML v2.0.
Active Directory Federated Service
(ADFS)
ADFS allows an enterprise to connect to a corporate
Active Directory to enable authentication that aligns with
existing corporate needs.
Accessing Data Securely
Qubole takes advantage of Identity and Access
Management (IAM) roles in AWS to limit access to
resources such as storage and compute. Using a
use Qubole on their behalf. Qubole also provides the
right permissions for your data analysts and operators
to create, run and modify queries and commands.
concerns are addressed including limiting access rights
types of commands your users can execute and the
data engines they can use. For more information, see
Managing Roles in Qubole Open Data Lake Platform.
.
17. 16
White Paper
How IAM Roles Work To Manage
Secure Access And Authorization
Qubole uses AWS IAM roles to limit the privileges
allow Qubole customers to limit privileges to only allow
initiating and terminating instances.
Those instances are then formed into clusters that
allows Qubole to attach a data storage policy to those
resources. This secondary or (dual) role only operates
within the customer’s account and is not accessible
outside of that account by anyone including Qubole.
Qubole will initiate and terminate instances on your
Per-User API Tokens
basis. This provides you with maximum control over your users when used in conjunction with roles described above.
This token can also be reset to comply with more stringent security controls.
You can locate your (user) authentication token by navigating in Open Data Lake Platform to Control Panel My Accounts
Show API Token.
inside of the Qubole Open Data Lake Platform
Control Panel. This includes minimum and maximum
cluster size, spot or on-demand, or a combination of
both using fallback.
18. White Paper
About Qubole
Qubole is passionate about making data-driven insights easily accessible to anyone. Qubole customers currently process nearly an exabyte of data every month,
platform. This cloud-based data platform self-manages, self-optimizes and learns to improve automatically and as a result delivers unbeatable
TCO. Qubole customers focus on their data, not their data platform. Qubole investors include CRV, Lightspeed Venture Partners, Norwest Venture Partners and
IVP. For more information visit www.qubole.com
For more information:
Contact:
sales@qubole.com
Try Qubole Open Data Lake Platform for Free:
AWS Marketplace: Qubole Open Data Lake Platform
469 El Camino Real, Suite 205
Santa Clara, CA 95050
(855) 423-6674 | info@qubole.com
WWW.QUBOLE.COM
CONCLUSION
We take security seriously at Qubole and we pride ourselves on the vigilance we employ to protect our customers’
data assets. We believe that a mature security organization requires coordinated dedication across technology, policy,
procedures, and people. This dedication is underscored by the risk-based approach laid out in this document to
demonstrate strength at every layer of security. From compliance audits to HIVE authorization in AWS, our security
strategy is designed to minimize any potential vulnerability or weakness. We want our customers to know their data is
Learn More
For the latest information about our product and services, please see the following resources:
Qubole Whitepapers
Qubole Case Studies
Qubole Technical Documentation
You can visit the AWS Marketplace anytime
to get up and running with Qubole!
TRY QUBOLE IN AWS TODAY!