Get fresh updates from Hortonworks by email

Once a month, receive latest insights, trends, analytics information and knowledge of Big Data.


Sign up for the Developers Newsletter

Once a month, receive latest insights, trends, analytics information and knowledge of Big Data.


Get Started


Ready to Get Started?

Download sandbox

How can we help you?

* I understand I can unsubscribe at any time. I also acknowledge the additional information found in Hortonworks Privacy Policy.
closeClose button
August 18, 2014
prev slideNext slide

Continued Innovation in Hadoop Security

Screen Shot 2014-08-11 at 1.07.49 PMWe are in the midst of a data revolution. Hadoop, powered by Apache Hadoop YARN, enables enterprises to store, process, and innovate around data at a scale never seen before making security a critical consideration. Enterprises are looking for a comprehensive approach to security for their data to realize the full potential of the Hadoop platform unleashed by YARN, the architectural center and the data operating system of Hadoop 2.

Hortonworks and the open community continue to work tirelessly to enhance security in Hadoop. Last week, we shared several blogs that highlight the tremendous innovation underway in the areas of authentication, authorization, auditing, and data protection.

We started last week with a blog introducing Apache Argus – incorporating the key IP from XA Secure – and called on the community to collaborate on an even bigger scale. Argus’ vision is to bring comprehensive security across all components in the Hadoop ecosystem making it easier for the enterprise to manage security policies across authorization, audit and other forms of data security. The Argus charter is a bold vision and in the coming months the team will share our approach to solve some of the biggest challenges around Hadoop security.

We highlighted Apache Knox, which helps Hadoop extend the reach of its services to more users securely by providing a gateway for REST/HTTP based services. Vinay Shukla blogged about a common use case of enabling secure ODBC and JDBC access to Hive, through Apache Knox.

We believe Hadoop can mature only in pure open source model with true collaboration across customers and partners—and security is no exception. We are delighted to showcase our partnership with industry leaders in data protection with the guest blog series last week:

  • Protegrity described how to expand Hadoop security with data-centric security across multiple enterprise systems with Protegrity Vaultless Tokenization for maximum usage of secured data with no data residency issues, and Extended HDFS Encryption for transparent AES file encryption.
  • Voltage Security blogged about data-centric security for the protection of sensitive data in Hadoop, from storage level encryption to standards-recognized Voltage Format Preserving Encryption™ (FPE) and Secure Stateless Tokenization™ to maintain referential integrity of de-identified data, enable regulatory compliance, and neutralize data breaches.
  • Dataguise discussed the use of data discovery and protection with DGSecure which scans data in structured, semi-structured or unstructured formats to provide security at the field level via masking or encryption, along with dashboard reporting.

For a key feature—native encryption of data at rest—the Hadoop community has been working to address this gap. To that end, the community is in the process of voting on this feature. When Transparent Data Encryption in HDFS is completed, data in HDFS can be encrypted natively.

The Hadoop community has worked to provide a Key Management Server (KMS) out of box. With the Key Provider API, Hadoop components can easily integrate with the Key Management software of their choice. This API allows enterprises to plug in their existing corporate standard Key Management software to leverage common Key Management across various components in the stack such as Databases, Email, and Hadoop.

What’s Next?

With the investments and commitments across the Hadoop ecosystem, we look forward to the next phase of the data revolution where the customer can leverage the full power of the next generation platform, with the confidence that their data are protected in all phases: ingest, processing, access, and egress.

Stay tuned for next set of blog series on Argus, Knox, Encryption and more..


Leave a Reply

Your email address will not be published. Required fields are marked *

If you have specific technical questions, please post them in the Forums