Grab some coffee and enjoy the pre-show banter before the top of the hour!
The Briefing Room
To Serve and Protect: Making Sense of Hadoop Security
Twitter Tag: #briefr The Briefing Room
Welcome
Host:
Eric Kavanagh
eric.kavanagh@bloorgroup.com
@eric_kavanagh
Mission
• Reveal the essential characteristics of enterprise software, good and bad
• Provide a forum for detailed analysis of today's innovative technologies
• Give vendors a chance to explain their product to savvy analysts
• Allow audience members to pose serious questions... and get answers!
Topics
September: HADOOP 2.0
October: DATA MANAGEMENT
November: ANALYTICS
Analyst: Robin Bloor
Robin Bloor is Chief Analyst at The Bloor Group
robin.bloor@bloorgroup.com
@robinbloor
HP Security Voltage
• HP recently acquired Voltage Security (now HP Security Voltage) to expand its data security solutions for big data and the cloud
• HP Security Voltage provides data and email protection
• Its security product features data encryption, tokenization and key management over structured and unstructured data, including data in Hadoop
Guest: Sudeep Venkatesh
Sudeep Venkatesh is a noted expert in data
protection solutions, bringing over a decade of
industry and technology experience in this area to
HP Security Voltage. His expertise spans data
protection, security infrastructures, cloud
security, identity and access management,
encryption, and the PCI standards both for the
commercial and government sectors. He has
worked on numerous global security projects with
Fortune 500 firms in the United States and
globally. At HP Security Voltage, Sudeep serves in
the position of Vice President of Solution
Architecture, with responsibility over designing
solutions for some of HP Security Voltage's largest
customers in the end-to-end data protection
portfolio. This includes email, file and document
encryption, as well as the protection of sensitive
data in databases, applications and payments
systems.
© Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Restricted
HP Security Voltage
Data-Centric Security & Encryption Solutions
Sudeep Venkatesh
September 22, 2015
Attack Life Cycle
• Research: Research Potential Targets
• Infiltration: Phishing Attack and Malware
• Discovery: Mapping Breached Environment
• Capture: Obtain data
• Exfiltration/Damage: Exfiltrate/Destroy Stolen Data
• Monetization: Data Sold on Black Market
Why is Securing Hadoop Difficult?
• Multiple sources of data from multiple
enterprise systems, and real-time feeds
with varying (or unknown) protection
requirements
• Rapid innovation in a well-funded
open-source developer community
• Multiple types of data combined
together in the Hadoop “data lake”
Why is Securing Hadoop Difficult?
• Automatic replication of data across
multiple nodes once entered into the
HDFS data store
• Access by many different users with
varying analytic needs
• Reduced control if Hadoop clusters are
deployed in a cloud environment
Existing Ways to Secure Hadoop
•  Existing IT security
− Network firewalls
− Logging and monitoring
− Configuration management
Need to augment these with “data-centric” protection of data in use,
in motion and at rest
•  Enterprise-scale security for Apache Hadoop
− Apache Knox: Perimeter security
− Kerberos: Strong authentication
− Apache Ranger: Monitoring and Management
What is Data-Centric Protection?
[Diagram: Data Security Coverage]
Data Ecosystem: Data & Applications, Middleware, Databases, File Systems, Storage
Traditional IT Infrastructure Security: Authentication Management, SSL/TLS/Firewalls, Database Encryption, SSL/TLS/Firewalls, Disk Encryption
Threats to Data: Credential Compromise; Traffic Interceptors; SQL Injection, Malware; Malware, Insiders; Malware, Insiders
Security Gaps: "Security Gap" is marked four times in the diagram
What Kind of Protection Closes the Security Gap?
End-to-End Sensitive Data Protection at Rest, in Motion, and in Use
[Diagram: the same Data Security Coverage figure (Data Ecosystem, Traditional IT Infrastructure Security, Threats to Data, Security Gaps), with an added element: HP Security Voltage Data-centric Security, End-to-end Data Protection]
How to Protect Your Data
Field: Credit Card | SSN | Email | DOB
Original: 1234 5678 8765 4321 | 934-72-2356 | bob@voltage.com | 31-07-1966
AES: FIWUYBw3Oiuqwri uweuwr %oIUOw1DF^ 8juYE %Uks&dDFa2 345^WFLERG lja&3k24kQotugD F2390^32 OOWioNu2(*872 weWOiuqwriuwe uwr%oIUOw1@ 3k24kQotugDF 2390^320OW %i
Full: 8736 5533 4678 9453 | 347-98-8309 | hry@ghohawd.jiw | 20-05-1972
Partial: 1234 5681 5310 4321 | 634-34-2356 | hry@ghohawd.jiw | 20-05-1972
Obvious: 8736 5533 4678 9453 | 347-98-8309 | hry@ghohawd.jiw | 20-05-1972
Field Level, Format-Preserving, Reversible Data De-Identification
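Added example (not part of the original slides, and not HP Security Voltage's algorithm or NIST FF1): a simplified keyed Feistel construction over decimal digits, showing how the "Full" and "Partial" rows above can keep length and separators while staying reversible. The key, the tweak values and the function names protect/unprotect are assumptions made for this sketch.

```python
import hashlib
import hmac

DIGITS = "0123456789"
DEMO_KEY = b"constructed-demo-key"  # constructed for this example only


def _prf(key, tweak, rnd, half, width):
    """Keyed round function: HMAC-SHA256 reduced to `width` decimal digits."""
    msg = b"|".join([tweak, str(rnd).encode(), half.encode()])
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % 10 ** width


def _feistel(digits, key, tweak, decrypt, rounds=10):
    """Alternating Feistel network over a decimal string; length is preserved."""
    u = len(digits) // 2
    v = len(digits) - u
    a, b = digits[:u], digits[u:]
    order = range(rounds - 1, -1, -1) if decrypt else range(rounds)
    for rnd in order:
        m = u if rnd % 2 == 0 else v  # width of the half produced this round
        if decrypt:
            a, b = str((int(b) - _prf(key, tweak, rnd, a, m)) % 10 ** m).zfill(m), a
        else:
            a, b = b, str((int(a) + _prf(key, tweak, rnd, b, m)) % 10 ** m).zfill(m)
    return a + b


def _apply(value, key, tweak, keep_head, keep_tail, decrypt):
    # Only digit positions are transformed; spaces, dashes etc. stay in place.
    pos = [i for i, ch in enumerate(value) if ch in DIGITS]
    if keep_head < 0 or keep_tail < 0 or keep_head + keep_tail > len(pos) - 2:
        raise ValueError("need at least two digits left to transform")
    target = pos[keep_head:len(pos) - keep_tail]
    new = _feistel("".join(value[i] for i in target), key, tweak, decrypt)
    out = list(value)
    for i, d in zip(target, new):
        out[i] = d
    return "".join(out)


def protect(value, key, tweak=b"", keep_head=0, keep_tail=0):
    """Full mode by default; keep_head/keep_tail leave digits in clear (partial)."""
    return _apply(value, key, tweak, keep_head, keep_tail, False)


def unprotect(value, key, tweak=b"", keep_head=0, keep_tail=0):
    """Reverse protect(); key, tweak and keep_* must match the protect call."""
    return _apply(value, key, tweak, keep_head, keep_tail, True)


if __name__ == "__main__":
    pan, ssn = "1234 5678 8765 4321", "934-72-2356"  # sample values from the slide
    print("full   :", protect(pan, DEMO_KEY, b"pan"))
    print("partial:", protect(pan, DEMO_KEY, b"pan", keep_head=4, keep_tail=4))
    print("ssn    :", protect(ssn, DEMO_KEY, b"ssn", keep_tail=4))
    # Small digit domains are easy to enumerate; production systems should use
    # a vetted FPE mode (for example NIST SP 800-38G FF1) with managed keys.
```

The sketch handles numeric fields only; it does not preserve Luhn check digits or produce valid calendar dates, which a real deployment would need to address for card numbers and dates of birth.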
Use Case: Global Financial Services Company
Need
• Customer is rapidly moving to adopt open source storage and data analysis platforms
• Use cases: Fraud detection, marketing (360 degree view of what the customer is doing, to provide more relevant marketing), creating data sets or reports to sell or provide to other companies, financial modeling
• Invested in multiple data warehouse and big data platforms
• Using complex ETL tools to import data into Hadoop from sources including mainframe, distributed databases, flat files, etc.
• Protection in Hadoop is the first step in an enterprise wide data protection strategy
Solution
• Protect sensitive PCI and PII data as it is being imported into Hadoop. Fields protected include PAN, Bank Account, SSN, Address, City, Zip Code, Date of Birth
• HP Secure Stateless Tokenization (SST) offers PCI audit scope reduction for the Hadoop environment
• Central key and policy management infrastructure can scale enterprise wide to mainframe and distributed platforms
• Data can be protected at ingestion through integration with Sqoop and MapReduce
Use Case: Health Care Insurance Company
Need
• Better health analysis to customers: One of their use cases for Hadoop is to provide better analysis of health status to customers on their web site
• Catch prescription fraud: Fraudsters collect prescriptions from 5-6 doctors and get them filled by 5-6 pharmacies. The manual process takes several weeks to track. Hadoop will enable them to do this almost instantly
• Reverse claim overpayment: Often times claims are overpaid based on errors and mistakes. They hope to catch this as it happens with Hadoop
• Developer hackathons: Open the system up to their Hadoop developers as a sandbox, enabling innovation, discovery and competitive advantage – without risk
Solution
• Utilized the massive un-tapped data sets for analysis that were hampered by compliance and risk
• Integrated HP SecureData in Sqoop so data is de-identified as it is copied from databases
• Ability to initially scale to 1000 Hadoop nodes
• Currently investigating the use of HP SecureData enterprise wide for open systems and mainframe platforms
• Enabling innovation through data access without risk with HIPAA/HITECH regulated data sets
Use Case: Global Telecommunications Leader
Protecting PII Throughout Large Scale Legacy and New Applications
Need
• Protect 26 data types constituting PII, 500 Apps, mainframe, Teradata, Windows, Unix
• Secure data types regardless of platform
• Support wide variety of platforms including mainframe, open systems and big data platforms
• Reduce costs of having to protect data in each app and each database
Solution
• HP SecureData with HP Format-Preserving Encryption applied to hundreds of apps and databases
• Preservation of data formats and relationships
• Native support for z/OS, Teradata, Hadoop and Open Systems
Results
• Created SaaS, leveraged company-wide
• Protected 26 data types in over 700 applications
• Solution management required less than 1 FTE
HP Security Voltage, a Leader in Data-Centric Security
safeguarding data throughout its entire lifecycle – at rest, in motion, in use – across big data, cloud, on-premise and mobile environments with continuous protection
www.voltage.com/hadoop
Questions?
Thank you
Perceptions & Questions
Analyst:
Robin Bloor
Securing Hadoop
Robin Bloor, PhD
The Sorry Truth
Security was never engineered into IT systems
It was always an afterthought
So it is with Hadoop
Windows of Opportunity…
• The “security surface” that needs protection is always growing
• Security solutions tend to be fragmented
• The value targets are health and credit card data
• Big data is just another opportunity for the cyber thief – only bigger
Hadoop Staging
Hadoop In Use
Hadoop Security
• Hadoop presents a wide area of vulnerability
• Role-based access is required (for self-service)
• Encryption is probably a necessity
• Format-preserving encryption is preferable
The Net Net
IT security is STRATEGIC
Encryption is a primary plank of this
• How “inconvenient” is HP Voltage Security? Please describe an implementation. What does the user experience?
• Security often comes with performance penalties. What is the performance cost of HP Security Voltage?
• Security needs to be integrated, so encryption needs to shake hands with authentication. How does this work with HP Voltage?
• Costs?
• Are there any environments to which HP Security Voltage’s technology is inapplicable: OLTP, Data Streaming & Streaming Analytics, BI, Mobile, Cloud,…
• Which platforms/environments are supported?
• Which other security vendors/technologies does HP partner with for data center solutions?
Upcoming Topics
www.insideanalysis.com
September: HADOOP 2.0
October: DATA MANAGEMENT
November: ANALYTICS
THANK YOU for your ATTENTION!
Some images provided courtesy of Wikimedia Commons
