Sqrrl February Webinar: Breaking Down Data Silos

In this talk, Adam Fuchs, the CTO of Sqrrl and co-founder of the Accumulo project, discusses some of the lessons learned for properly architecting, applying, and managing cell-level security labels in customer environments.

Published in: Data & Analytics, Technology

  1. Securely explore your data
     BREAKING DOWN DATA SILOS WITH SQRRL ENTERPRISE
     Adam Fuchs, CTO: Sqrrl Data, Inc.
     February 26, 2014
  2. DATABASES ARE GREAT!
     • Decouple data providers and consumers
     • Enable independent development
     Diagram: Data Provider, Database, Data Consumer
     ... but how can we handle complex security policies?
     © 2014 Sqrrl | All Rights Reserved
  3. COMPLEX SECURITY POLICIES
     Healthcare Example: PII, Sensitive Diagnoses, Doctor’s Notes
  4. TRADITIONAL SECURITY
     Build security policy logic into the application
     Diagram: Database; Data Provider with Security Policy; Data Consumer with Security
     Application Implements Security Through:
     • Database Views
     • Query Rewriting
  5. MORE COMPLEX SECURITY...
     Sources: Claims Data, EMRs, Public Records, Genomic Data
     Healthcare Fraud / Automated Diagnosis App
  6. COMBINATORIAL COMPLEXITY
     Diagram: Database; three Data Providers, each with a Security Policy; three Data Consumers, each with Security
  7. COMBINATORIAL COMPLEXITY
     Diagram: Database; three Data Providers, each with a Security Policy; three Data Consumers, each with Security
     • Security complexity grows with sources
     • Leads to apps specializing on security
     • Apps should be focused on analytics
     • App maintenance, policy changes complicate the story
     • Cannot scale without data-centric security
  8. ADVANCES IN IDENTITY AND AUTHORIZATION MANAGEMENT
     Federated Identity
     • Use common services for authentication
     • Leverage technology like OpenID, PKI, Single Sign-On, Kerberos
     • Reduces administrative burden for user management
     Federated Authorization
     • Delegate authorization to common services
     • Leverage technology like OAuth, SAML, LDAP, AD
     • Ties into Data-Centric Security concept
  9. DATA-CENTRIC SECURITY
     • Move policy enforcement out of the app and into the database
     • Separate development of analysis from security
     • Layer with traditional security elements
     • Access control, auditing, encryption, ...
     Data carries with it information needed to make access control decisions.
  10. • Sorted Key/Value Store
      • Fine-grained access control (cell-level security)
      • Modeled after Google’s Bigtable
      • Distributed, Shared-Nothing Architecture
      • Scales to 10s of Petabytes
      • Originally Developed in the US Intelligence Community
      • Now Open-Source, Apache Software Foundation: accumulo.apache.org
      Diagram (Tablet Data Flow): writes go to an in-memory map and a write-ahead log (for recovery); minor compaction produces sorted, indexed files; merging / major compaction; reads and scans pass through iterator trees.
      Diagram (cluster): Applications, Tablet Servers with Tablets, Master, Zookeeper, HDFS; labels: Read/Write, Store/Replicate, Assign/Balance, Delegate Authority.
  11. ACCUMULO DATA FORMAT

      | Row      | Col. Fam.    | Col. Qual.    | Visibility  | Timestamp | Value                           |
      |----------|--------------|---------------|-------------|-----------|---------------------------------|
      | John Doe | Notes        | 2012-09-12    | PCP_JD      | 20120912  | Patient suffers from an acute … |
      | John Doe | Test Results | Cholesterol   | JD|PCP_JD   | 20120912  | 183                             |
      | John Doe | Test Results | Mental Health | JD|PSYCH_JD | 20120801  | Pass                            |
      | John Doe | Test Results | X-Ray         | JD|PCP_JD   | 20120513  | 1010110110100…                  |

      Slide annotations: Key, Value, Cell-Level Tagging
  12. DATA-CENTRIC ECOSYSTEM
  13. DATA-CENTRIC SECURITY ENABLES...
      Secure Indexes
      • Challenge: Indexes reveal information about the data they represent
      • Solution: Preserve the security model in an inverted index with data-centric security
      Secure Knowledge-Bases
      • Challenge: Data transformation obscures data source and schema
      • Solution: Preserve the security model in linked documents with data-centric security and fine-grained access control
  14. BUILDING A SECURE KNOWLEDGE-BASE
      Proxy Logs

      | Source   | Protocol | Destination    | Port  | Bytes In    | Bytes Out   |
      |----------|----------|----------------|-------|-------------|-------------|
      | 10.1.2.3 | http     | google.com     | 80    | 73,824      | 15,632      |
      | 10.1.2.4 | https    | facebook.com   | 443   | 10,328      | 13,284,129  |
      | 10.1.2.4 | http     | google.com     | 80    | 623,249     | 93,125      |
      | 10.1.2.3 | unknown  | abcd1234.ru    | 31337 | 158         | 523,698,104 |
      | 10.1.2.3 | https    | netflix.com    | 443   | 434,855,357 | 1,392,994   |
      | 10.1.2.4 | https    | newcompany.com | 443   | 23,084      | 583,331     |
      | 10.1.2.3 | ssh      | 10.1.2.5       | 22    | 204         | 158         |

  15. BUILDING A SECURE KNOWLEDGE-BASE
      Proxy Logs

      | Source   | Protocol | Destination    | Port  | Bytes In    | Bytes Out   |
      |----------|----------|----------------|-------|-------------|-------------|
      | 10.1.2.3 | http     | google.com     | 80    | 73,824      | 15,632      |
      | 10.1.2.4 | https    | facebook.com   | 443   | 10,328      | 13,284,129  |
      | 10.1.2.4 | http     | google.com     | 80    | 623,249     | 93,125      |
      | 10.1.2.3 | unknown  | abcd1234.ru    | 31337 | 158         | 523,698,104 |
      | 10.1.2.3 | https    | netflix.com    | 443   | 434,855,357 | 1,392,994   |
      | 10.1.2.4 | https    | newcompany.com | 443   | 23,084      | 583,331     |
      | 10.1.2.3 | ssh      | 10.1.2.5       | 22    | 204         | 158         |

      Customer Access Logs

      | Time     | IP Address | Username | Location |
      |----------|------------|----------|----------|
      | 12:38:01 | 10.1.2.4   | johndoe  | Seattle  |
      | 12:38:07 | 10.1.2.3   | janedoe  | Boston   |

      Graph nodes: google.com, 10.1.2.3, facebook.com, abcd1234.ru, netflix.com, 10.1.2.4, 10.1.2.5, johndoe, janedoe
  16. BUILDING A SECURE KNOWLEDGE-BASE
      Data-centric security makes this possible.
      • Multi-Structured Data
      • Multi-Layered Graph
      • Multi-Level Security
      • Multi-Tenancy
      • Universal Search and Discovery
      • Simplified Infrastructure
      • Rapid Application Innovation
  17. HOW TO LEARN MORE
      Sqrrl Data, Inc.
      • Big Data Platform with Data-Centric Security
      • sqrrl.com
      Download our White Paper
      • www.sqrrl.com/whitepaper
      Request a demo or one-on-one workshop
      • www.sqrrl.com/contact
  18. Coming Up
      • Big Data Techcon: March 31-April 2, Cambridge MA
      • Accumulo Summit: June 12, Greenbelt MD, Accumulosummit.com
      • “Data Driven Applications with Sqrrl Enterprise” Webinar: March 12, 2pm EST
      Keep up with us on social media: www.twitter.com/SqrrlData, www.facebook.com/SqrrlData, www.linkedin.com/company/sqrrl
  19. Securely explore your data
      THANK YOU
      Adam Fuchs, CTO: Sqrrl Data, Inc.
      February 26, 2014
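
The cell-level tagging on the Accumulo data format slide (slide 11) can be worked through with a small evaluator. This is an added example, not code from the talk or from Accumulo: a simplified Python model of how a visibility label such as JD|PCP_JD is checked against the authorization tokens a reader holds. The function names are hypothetical and the cell list is constructed from the slide's table.

```python
# Added illustration: simplified model of Accumulo-style visibility labels.
import re

TOKEN = re.compile(r"[A-Za-z0-9_\-.:/]+|[&|()]")

def parse(label):
    """Return a term, or an (op, children) tuple for & / | groups."""
    tokens = TOKEN.findall(label)
    if "".join(tokens) != label:
        raise ValueError(f"illegal character in {label!r}")
    tokens = [None] + tokens[::-1]  # pop() reads left to right; None = end

    def atom():
        tok = tokens.pop()
        if tok == "(":
            node = group()
            if tokens.pop() != ")":
                raise ValueError("missing )")
            return node
        if tok is None or tok in "&|)":
            raise ValueError(f"term expected in {label!r}")
        return tok
    def group():
        nodes, op = [atom()], None
        while tokens[-1] in ("&", "|"):
            if op not in (None, tokens[-1]):
                raise ValueError("mixing & and | needs parentheses")
            op = tokens.pop()
            nodes.append(atom())
        return nodes[0] if op is None else (op, nodes)
    tree = group()
    if tokens != [None]:
        raise ValueError(f"unbalanced ) in {label!r}")
    return tree

def allowed(node, auths):
    if isinstance(node, str):
        return node in auths
    op, children = node
    return (all if op == "&" else any)(allowed(c, auths) for c in children)

def visible(label, auths):
    # An empty label carries no restriction.
    return label == "" or allowed(parse(label), auths)

# Constructed from the slide's table: column qualifier -> visibility label.
CELLS = {"2012-09-12": "PCP_JD", "Cholesterol": "JD|PCP_JD",
         "Mental Health": "JD|PSYCH_JD", "X-Ray": "JD|PCP_JD"}

def scan(auths):
    return [q for q, label in CELLS.items() if visible(label, auths)]
```

Because the check runs per cell inside the store, a reader holding only PSYCH_JD gets back the Mental Health result and nothing else, with no filtering logic in the application.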
