Zettaset working toward Big Data encryption for Hadoop
Eric Murray, security architect at Zettaset, says the firm’s Orchestrator suite for managing Hadoop clusters is being enhanced to include a way to establish key-management servers based on symmetric keys to encrypt Hadoop data partitions. This option is not targeting field-level encryption, he notes, but will allow the security manager to set up an automated method for encrypting data stored in the Hadoop database.
The architecture will use symmetric encryption keys, based on the AES 256 standard, kept in the kernel node of the computing node in order to encrypt and decrypt data. Encryption always brings a performance overhead, and Zettaset is relying on symmetric-key crypto rather than public-key crypto in part because it’s viewed as faster, Murray says.
Data cannot be processed until it is decrypted, so one issue is how well protected the symmetric keys are, since highly skilled hackers have been known to capture encryption keys during the computing process. Zettaset is aware of this threat. “Stealing out of memory can be done,” Murray acknowledges. However, this is still viewed as hard to do.
Database encryption is very specialized and there is little available today for open-source Hadoop, according to Zettaset. The company sees its encryption capability competing most closely against something similar from another company, Gazzang.
Zettaset says it expects to be out with its Hadoop-based partition encryption system, which would also include a way to set up key-management servers based on certificates, in the next few months. It would all be sold as part of the Zettaset Orchestrator software, which today supports other types of security, including role-based access control for Hadoop. By Ellen Messmer