Top 10 Big Data Security Considerations
- Think Even Bigger
Before we dive into security for specific big data platforms (like Hadoop, NoSQL and more) in the slides ahead, let’s think holistically. Make sure your company has a well-tested security and compliance strategy in place – covering physical assets (facilities); network and IT infrastructure; applications and data. Include clearly defined responsibilities for specific executives; contingency plans for potential breach scenarios; and testing schedules to help fine-tune the plan on a regular basis.
- Basic Hadoop Security
Apache Hadoop, the grid technology, is increasingly popular for storing massive amounts of data. By default, Hadoop runs in non-secure mode. When service-level authentication is turned on, Hadoop end-users must be authenticated by Kerberos – the popular computer network authentication protocol.
- Deeper Hadoop Security Offerings
The major Hadoop distribution providers – including Cloudera, Hortonworks and MapR – also offer various security solutions that support authentication, authorization, encryption and more.
- Track Hadoop Data Governance
Hadoop originally lacked consistent data governance methodologies. But Hortonworks is striving to close that gap with the Data Governance Initiative (DGI). Major partners like Aetna, Merck, Target and SAS are involved in the effort – which strives to ensure Hadoop governance standards are (1) transparent and available to all, (2) reproducible and auditable and (3) consistent. Still a work in progress
- Relational Database Security: Part I
Yes indeed, relational databases and SQL-oriented solutions still manage the majority of enterprise data, according to a recent survey from Dell and Unisphere. To safeguard a relational database, make sure you focus on five areas of breach prevention (authentication and authorization; database firewall; encryption; data redaction and masking; and patch management), according to Layer Seven Security. Also, make sure your organization understands four areas of breach detection (data discovery and classification; privilege analysis; configuration management; and logging and auditing), Layer Seven Security adds.
- Relational Database Security: Part II
The leading relational database providers offer checklists to mitigate security risks. The following links lead to specific security guidance for some of the best-known relational databases: IBM DB2, Microsoft SQL Server, MySQL and Oracle.
- In-memory Databases: Part I
In-memory databases store data entirely in main memory, which can be an ideal approach for data-intensive applications like analytics, social networking and e-commerce systems.
Generally speaking, in-memory databases have built-in security features but the bigger concerns involve IT architecture. For instance, a Payment Card Industry Data Security Standard (PCI DSS) best practice calls for application and database services to run on separate servers located in independent network zones, notes Layer Seven Security. However, some in-memory databases have built-in application and web servers – allowing each piece of software to share hardware resources.
To mitigate the potential security risks associated with such tightly integrated software stacks, check in with your specific in-memory database vendor.
- In-memory Databases: Part II
Some in-memory databases could also be susceptible to so-called RAM-based attacks or physical memory attacks. Attacks such as RAM-scrapping are relatively rare but are becoming more prevalent since attackers are increasingly targeting volatile memory to circumvent encrypted data in persistent memory, notes Layer Seven security.
- File Sync and Sharing Security
Box, Dropbox and other cloud-based file sharing tools are now mainstream. Big data systems will increasingly tap into cloud-based file sharing systems to analyze all of that unstructured information. Dozens of consumer- and corporate-grade file sharing systems exist. Each has its own security tools. The differentiator? Your own IT team, which must document when and how employees are permitted to use those public cloud services. Source