Hadoop empowers enterprises to store and process unprecedented volumes of data in a shared data lake. But Big Data doesn’t have to incur big risks. The security implications of a data lake are far-reaching, and effective Hadoop security depends on a holistic approach.
With Hortonworks Data Platform, security is built into the platform and a centralized interface empowers security personnel to administer and manage security policies consistently across all the components of the Hadoop stack.
Security Implications of Data Lake
The successful Hadoop journey typically starts with Data Architecture Optimization or new Advanced Analytic Applications, which leads to the formation of a Data Lake. As large and growing volumes of diverse data are stored in the Data Lake, any breach of this enterprise-wide data can be catastrophic, from privacy violations, to regulatory infractions, to damage to corporate image and long-term shareholder value. The need to protect the Data Lake with comprehensive security is clear for several reasons:
- The Data Lake holds vital and often highly sensitive data that has driven an enterprise over its long history
- The external ecosystem of data and operational systems feeding the Data Lake is highly dynamic and can introduce new security threats
- Users across multiple business units can access the Data Lake using methods of their own choosing, thereby increasing the risk of exposure to unauthorized users
To prevent damage to the company’s business, customers, finances and reputation, IT leaders must ensure that their Data Lake meets the same high standards of security as any legacy data environment.
Hortonworks Approach to Enterprise Security
Hortonworks firmly believes that effective Hadoop security depends on a holistic approach. Our framework for comprehensive security revolves around five pillars: administration, authentication, authorization, audit and data protection.
Five Pillars of Enterprise Security
Security administrators must provide enterprise-grade coverage across each of these pillars as they design the infrastructure that secures data in Hadoop, because if any one pillar remains weak, it introduces threat vectors into the entire data lake.
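As an illustration of the pillar model, the sketch below maps each pillar to the HDP components commonly associated with it and flags any pillar left without coverage. The mapping is a simplified assumption for illustration; exact component coverage varies by HDP release and deployment.

```python
# Illustrative mapping of the five security pillars to HDP components
# commonly associated with them. This is a simplified sketch, not an
# exhaustive or release-specific inventory.
SECURITY_PILLARS = {
    "administration":  ["Apache Ranger"],                        # central policy administration
    "authentication":  ["Kerberos", "Apache Knox"],              # strong auth, perimeter security
    "authorization":   ["Apache Ranger"],                        # fine-grained access control
    "audit":           ["Apache Ranger"],                        # centralized audit logging
    "data protection": ["HDFS encryption", "Wire encryption"],   # data at rest and in motion
}

def weak_pillars(coverage):
    """Return pillars with no component coverage -- each is a threat vector."""
    return [pillar for pillar, components in coverage.items() if not components]

# A deployment that has not addressed data protection leaves a gap:
partial = dict(SECURITY_PILLARS, **{"data protection": []})
print(weak_pillars(partial))  # ['data protection']
```

The point of the check is the one made above: security is only as strong as the weakest pillar, so any pillar with an empty component list represents an open threat vector.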
Security Built-in to the Platform
Security must be an integral part of the platform on which an enterprise’s Data Lake is built. The combination of a bottom-up and top-down approach makes it possible to manage and enforce security across the stack through a central point of administration that prevents gaps and inconsistencies. This approach is especially effective for Hadoop implementations, where new applications and data engines are always on the horizon in the form of new Open Source projects, a dynamic scenario that can quickly exacerbate any vulnerabilities.
Hortonworks helps customers maintain the high levels of protection their enterprise data demands by building centralized security administration and management into the DNA of the Hortonworks Data Platform (HDP). HDP provides an enterprise-ready data platform with rich capabilities spanning security, governance and operations. By implementing security at the platform level, Hortonworks ensures that security is consistently administered to any application built on top of the data platform, and makes it easier to build or retire data applications without impacting security.
Commitment to Enterprise-Readiness
Hortonworks was founded with the objective of making Hadoop ready for the enterprise and has a strong legacy of significant contributions in this area. This goal of enterprise-readiness led the original Hadoop team at Yahoo! to integrate Kerberos as the basis for strong authentication in Hadoop. Since that time, Hortonworks has continued to make significant investments in security. In May 2014, Hortonworks acquired XA Secure, a leading data security company, to accelerate the delivery of a comprehensive approach to Hadoop security. To be consistent with its mission to develop, distribute and support a 100% open source Apache Hadoop data platform, Hortonworks immediately incorporated the XA Secure technology into the Hortonworks Data Platform (HDP), while also converting the commercial solution into an open Apache community project called Apache Ranger.
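Kerberos-based authentication is switched on through Hadoop’s standard configuration. A minimal fragment of `core-site.xml` looks like the following; the property names are the standard Hadoop ones, while realm and keytab details (omitted here) depend on the deployment:

```xml
<!-- core-site.xml: switch Hadoop from "simple" (trusted) authentication
     to Kerberos, and enable service-level authorization checks. -->
<configuration>
  <property>
    <name>hadoop.security.authentication</name>
    <value>kerberos</value>
  </property>
  <property>
    <name>hadoop.security.authorization</name>
    <value>true</value>
  </property>
</configuration>
```

In practice each Hadoop service also needs its own Kerberos principal and keytab configured before the cluster will start in secure mode.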
Centralized Security Platform
In order to deliver consistent security administration and management, Hadoop administrators require a centralized user interface—a single pane of glass that can be used to define, administer and manage security policies consistently across all the components of the Hadoop stack. Hortonworks addressed this requirement through Apache Ranger, an integral part of HDP. Ranger enhances the productivity of security administrators and reduces potential errors by empowering them to define security policy once and apply it to all the applicable components across the Hadoop stack from a central location.
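Policies defined once in Ranger’s central interface can also be created programmatically through its public REST API. The sketch below builds a policy document granting one group read access to a Hive table; the service, database, table and group names are hypothetical, and in a live cluster the JSON would be POSTed with admin credentials to Ranger’s `/service/public/v2/api/policy` endpoint.

```python
import json

# Hypothetical example: a Ranger policy granting the "analysts" group
# SELECT access to one Hive table. In a real cluster this document would
# be POSTed to http://<ranger-host>:6080/service/public/v2/api/policy
# (service/resource/group names below are illustrative assumptions).
policy = {
    "service": "hadoopdev_hive",       # hypothetical Ranger service name
    "name": "analysts-read-sales",
    "isEnabled": True,
    "resources": {
        "database": {"values": ["sales"]},
        "table":    {"values": ["transactions"]},
        "column":   {"values": ["*"]},
    },
    "policyItems": [
        {
            "groups": ["analysts"],
            "accesses": [{"type": "select", "isAllowed": True}],
        }
    ],
}

print(json.dumps(policy, indent=2))
```

Because the policy lives in Ranger rather than in each component’s own configuration, the same definition is enforced wherever the Hive plugin runs, which is what makes the single-pane-of-glass administration described above practical.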
No business can afford to have Big Data insight come at the expense of enterprise security. As you plan your Hadoop strategy, make sure that the platform you choose provides a comprehensive and holistic approach to protect your Data Lake and the valuable information it contains. With Hortonworks, companies can implement a platform with all five pillars of Hadoop security woven into its architecture for centralized and consistent policy management.