Comprehensive Security in Hadoop

Hortonworks Data Platform 2.3 provides a centralized approach to security across the Hadoop stack

Hadoop empowers enterprises to store and process unprecedented volume of data in a shared data lake. But Big Data doesn’t have to incur big risks. The security implications of data lake are far-reaching and effective Hadoop security depends on a holistic approach.

With Hortonworks Data Platform, security is built into the platform and a centralized interface empowers security personnel to administer and manage security policies consistently across all the components of the Hadoop stack.

Security Implications of Data Lake

The successful Hadoop journey typically starts with Data Architecture Optimization or new Advanced Analytic Applications, which leads to the formation of a Data Lake. As large and growing volumes of diverse data are stored in the Data Lake, any breach of this enterprise-wide data can be catastrophic, from privacy violations, to regulatory infractions, to damage to corporate image and long-term shareholder value. The need to protect the Data Lake with comprehensive security is clear due to the following reasons:

  • Data Lake holds vital and often highly sensitive data that has driven an enterprise over its long history
  • External ecosystem of data and operational systems feeding the Data Lake is highly dynamic and can introduce new security threats
  • Users across multiple business units can access the Data Lake using methods of their own choosing, thereby increasing risks of exposure to unauthorized users

To prevent damage to the company’s business, customers, finances and reputation, IT leaders must ensure that their Data Lake meets the same high standards of security as any legacy data environment.

Hortonworks Approach to Enterprise Security

Hortonworks firmly believes that effective Hadoop security depends on a holistic approach. Our framework for comprehensive security revolves around five pillars: administration, authentication, authorization, audit and data protection.

Five Pillars of Enterprise Security

Enterprise Security - Five Pillars

Security administrators must provide enterprise-grade coverage across each of these pillars as they design the infrastructure to secure data in Hadoop because if any of these pillars remains weak, it introduces thread vectors into the entire data lake.

Security Built-in to the Platform

Security must be an integral part of the platform on which an enterprise’s Data Lake is built. The combination of bottom-up and top down approach makes it possible to manage and enforce security across the stack through a central point of administration that prevents gaps and inconsistencies. This approach is especially effective for Hadoop implementations where new applications or data engines are always on the horizon in the form of new Open Source projects, a dynamic scenario that can quickly exacerbate any vulnerabilities.

Hortonworks helps customers maintain the high levels of protection their enterprise data demands by building centralized security administration and management into the DNA of the Hortonworks Data Platform (HDP). HDP provides an enterprise-ready data platform with rich capabilities spanning security, governance and operations. By implementing security at the platform level, Hortonworks ensures that security is consistently administered to any application built on top of the data platform, and makes it easier to build or retire data application without impacting security.


Commitment to Enterprise-Readiness

Hortonworks was founded with the objective to make Hadoop ready for the enterprise and has a strong legacy of significant contributions in this area. This goal of enterprise-readiness led the original Hadoop team at Yahoo! to develop Kerberos as the basis for strong authentication in Hadoop. Since that time, Hortonworks has continued to make significant investments in security. In May 2014, Hortonworks acquired XA Secure, a leading data security company, to accelerate the delivery of a comprehensive approach to Hadoop security. To be consistent with its mission to develop, distribute and support 100% open source Apache Hadoop data platform, Hortonworks immediately incorporated the XA Secure technology into the Hortonworks Data Platform (HDP), while also converting the commercial solution into an open Apache community project called Apache Ranger.

Centralized Security Platform

In order to deliver consistent security administration and management, Hadoop administrators require a centralized user interface—a single pane of glass that can be used to define, administer and manage security policies consistently across all the components of the Hadoop stack. Hortonworks addressed this requirement through Apache Ranger, an integral part of HDP. Ranger enhances the productivity of security administrators and reduces potential errors by empowering them to define security policy once and apply it to all the applicable components across the Hadoop stack from a central location.


Ranger Screenshot

No business can afford to have Big Data insight come at the expense of enterprise security. As you plan your Hadoop strategy, make sure that the platform you choose provides a comprehensive and holistic approach to protect your Data Lake and the valuable information it contains. With Hortonworks, companies can implement a platform with all five pillars of Hadoop security woven into its architecture for centralized and consistent policy management.

White Paper
Big data doesn’t have to incur big risks. Put your data to work without sacrificing peace of mind.
Hortonworks Data Platform
The Hortonworks Data Platform is a 100% open source distribution of Apache Hadoop that is truly enterprise grade having been built, tested and hardened with enterprise rigor.
Get started with Sandbox
Hortonworks Sandbox is a self-contained virtual machine with Apache Hadoop pre-configured alongside a set of hands-on, step-by-step Hadoop tutorials.
Modern Data Architecture
Tackle the challenges of big data. Hadoop integrates with existing EDW, RDBMS and MPP systems to deliver lower cost, higher capacity infrastructure.