SANS is the largest and most trusted source for information security training in the world and also offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters. Their most recent report, “Enabling Big Data by Removing Security and Compliance Barriers” is the first comprehensive study around security and big data.
Sponsored by Cloudera, this report looks at how big data architectures are being used for production workloads, what security controls are being used, and their effectiveness. From the 206 respondents (with 80% in IT/technical roles), it finds that more than half are actively implementing big data architectures – and in very real ways. 43% of the companies actively implementing them have 10,000 or more employees and data managed in these systems includes personally identifiable information (73%), employee records (63%), intellectual properties (59%), payment card information (52%), and national security intelligence data (40%). Due to this, 83% must comply with one or more regulatory standards.
This information validates what Cloudera has already seen in the industry and our early commitment to comprehensive security and governance. As Hadoop adoption and production usage grew, especially with Fortune 500 companies, there needed to be enterprise-grade security and governance built into the core of the platform. With early, continuous developments – including the acquisition of Gazzang, the establishment of the Center for Security Excellence, and work with Intel on Project Rhino – Cloudera is not only the leader in Hadoop security but also the first and only Hadoop distribution to pass a compliance audit. With our comprehensive, transparent security solution, Cloudera Enterprise is the most secure place for even the most sensitive data.
To manage sensitive data access, this study found that 54% integrate with existing identity and access management systems to manage sensitive data access and 45% authorize user access based on roles (RBAC).
Tools like Apache Sentry, the open source mechanism for unified authorization, directly addresses this need for role-based access controls in Hadoop. This open standard provides an easy and scalable way for administrators to define role-based access controls once, and have it permeate across every access path in Hadoop, including accessing data through a variety of third-party applications – versus having to repeatedly define permissions for each access path for each user. It also leverages groups in Active Directory (addressing the need for integration with identity and access management systems) for seamless, secure integration.
This report also specifically calls out data governance as a critical part of any big data architecture and states, “A strong governance solution must cater to compliance regulations without disrupting the business users and should rely on automation to handle the scalability demanded by big data implementations.” We couldn’t agree more. Cloudera Navigator, part of Cloudera Enterprise, is the first and only integrated data management and governance platform for Hadoop and is designed to meet compliance needs for InfoSec while maintaining business user agility. Additionally, among other critical capabilities, Cloudera Navigator provides high-performance encryption, enterprise-grade key management, and automated auditing and lineage for the platform – which also all ranked as the leading effective security controls.
Security remains a top priority for us and our platform. With the dedicated team in Austin, Texas at the Cloudera Center for Security Excellence, we are continually defining big data security for our customers and our partners.
For more details on Cloudera Security, download the whitepaper, “Securing Your Enterprise Data Hub”
The full report is now available for download. To further discuss the findings of this paper, join Barbara Filkins (Senior Analyst at SANS), John Pescatore (Director of Emerging Technologies at SANS), and Sam Heywood (Director, Cloudera Center for Security Excellence) for a live webinar on June 18th.