Big Data Consulting
doing hadoop, securely
Rob Gibbon
■ Architect @Big Industries Belgium
■ Focus on designing, deploying & integrating web scale solutions with Hadoop
■ Deliveries for clients in telco, financial services & media
Hadoop was built to survive data tsunamis
■ a response to challenges that enterprise vendors were unable to address
■ focused on data volumes and cost reduction
■ initially, the solution had some serious holes
Confidentiality, Integrity, Availability
■ early prereleases couldn’t really meet any of these three fundamental infosec objectives
■ basic controls weren’t there
the early days
■ Multiple SPoF
■ No authentication
■ Easily spoofed authorisation
■ No encryption of data at rest nor in transit
■ No accounting
enter the hadoop vendors
■ Vendors like Cloudera focus on making Apache Hadoop “enterprise ready”
■ Includes building robust infosec controls into Hadoop core
■ Multilayer security is now available for Hadoop
running a cluster in non-secure mode
■ malicious|mistaken user:
■ recursively delete all the data please
■ by the way, I’m the system superuser
■ hadoop:
■ oh ok then
bad things happen with slack controls in place
average cost of a data breach = $3.8m
running a secure cluster
■ Kerberos is one of the primary security controls you can use
■ Btw, what’s wrong with this kerberos principal?
■ hdfs@BIGINDUSTRIES.BE
kerberos continued
■ Kerberos uses a three-part principal
■ hdfs/node1.cluster1.bigindustries.be@BIGINDUSTRIES.BE
■ hdfs/node1.cluster2.bigindustries.be@BIGINDUSTRIES.BE
■ Best to use explicit mappings from kerberos principals to local users
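A simplified model of how Hadoop's `hadoop.security.auth_to_local` rules turn a principal into a local user, added here as an example (not code from the deck or from Hadoop). It shows why explicit mappings matter when two clusters share a realm: with only `DEFAULT`, the cluster2 `hdfs` principal resolves to the local `hdfs` superuser on cluster1. The rule set, the `nobody` account and the `alice` / `OTHER.EXAMPLE` principals are assumptions.

```python
import re

DEFAULT_REALM = "BIGINDUSTRIES.BE"  # realm used on the slides

# RULE:[n:format](match-regex)s/pattern/replacement/g  (regex and sed parts optional)
RULE_RE = re.compile(
    r"RULE:\[(\d+):([^\]]*)\](?:\(([^)]*)\))?(?:s/([^/]*)/([^/]*)/(g)?)?"
)


def parse_principal(principal):
    """Return [realm, component1, component2, ...] so $0 is the realm."""
    name, _, realm = principal.partition("@")
    return [realm or DEFAULT_REALM] + name.split("/")


def apply_rule(rule, params):
    """Apply one rule; return the local name, or None if the rule does not apply."""
    if rule == "DEFAULT":
        # DEFAULT keeps only the first component for principals in the default
        # realm, whatever host (and therefore cluster) the principal names.
        return params[1] if params[0] == DEFAULT_REALM else None
    m = RULE_RE.fullmatch(rule)
    if m is None:
        raise ValueError("unparseable rule: " + rule)
    n, fmt, match, pattern, replacement, repeat = m.groups()
    if len(params) - 1 != int(n):
        return None  # rule is written for a different number of components
    base = re.sub(r"\$(\d)", lambda d: params[int(d.group(1))], fmt)
    if match is not None and re.fullmatch(match, base) is None:
        return None
    if pattern is None:
        return base
    # Simplification: Python replacement syntax, not Java's $1 back-references.
    return re.sub(pattern, replacement, base, count=0 if repeat else 1)


def to_local_user(principal, rules):
    """First matching rule wins; None means no rule produced a local user."""
    params = parse_principal(principal)
    for rule in rules:
        user = apply_rule(rule, params)
        if user is not None:
            if "@" in user or "/" in user:
                raise ValueError("non-simple name after mapping: " + user)
            return user
    return None


# Implicit mapping: every hdfs/<any host> principal in the realm becomes "hdfs".
DEFAULT_ONLY = ["DEFAULT"]

# Explicit mapping as it might be deployed on cluster1 (constructed rule set;
# "nobody" is an assumed unprivileged local account).
CLUSTER1_RULES = [
    # hdfs service principals on cluster1 hosts map to the local hdfs user
    r"RULE:[2:$1/$2@$0](hdfs/.*\.cluster1\.bigindustries\.be@BIGINDUSTRIES\.BE)s/.*/hdfs/",
    # hdfs service principals from any other host map to an unprivileged account
    r"RULE:[2:$1/$2@$0](hdfs/.*@BIGINDUSTRIES\.BE)s/.*/nobody/",
    # a host-less hdfs principal cannot be tied to a cluster, so it gets no privileges
    r"RULE:[1:$1@$0](hdfs@.*)s/.*/nobody/",
    # ordinary users in the default realm keep their short name
    "DEFAULT",
]

if __name__ == "__main__":
    samples = [  # principals from the slides plus two constructed ones
        "hdfs/node1.cluster1.bigindustries.be@BIGINDUSTRIES.BE",
        "hdfs/node1.cluster2.bigindustries.be@BIGINDUSTRIES.BE",
        "hdfs@BIGINDUSTRIES.BE",
        "alice@BIGINDUSTRIES.BE",
        "alice@OTHER.EXAMPLE",
    ]
    for p in samples:
        print(f"{p:60} DEFAULT only -> {to_local_user(p, DEFAULT_ONLY)!s:8}"
              f" explicit -> {to_local_user(p, CLUSTER1_RULES)}")
```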
hive / impala
■ HiveServer doesn’t support Kerberos => use HiveServer2
■ Best to use Sentry to enforce role based access controls from SQL
■ Users can upload and execute arbitrary [possibly hostile] UDFs => enable Sentry
■ Older versions of Metastore don’t enforce permissions on grant_* and revoke_* APIs => stay up to date
availability
■ Most core components now support HA
■ HDFS
■ YARN
■ Hive
■ HBase
disaster recovery
■ HDFS and HBase offer point-in-time snapshots
■ => consistency!
■ Vendor-tethered solutions for site-to-site replication are available
encryption at rest
■ HDFS encryption zones
■ transparent to existing applications
■ minimal performance overhead on Intel architecture
■ key management is externalised
wire encryption
■ SSL encryption is now available for most Hadoop services
■ Note that AES-256 for SSL and for Kerberos preauth requires extra JCE policy files on the cluster
accounting
■ Vendor-tethered solutions are available for auditing
■ Navigator for Cloudera clusters
■ Ranger for HortonWorks clusters
tokenization
■ The process of substituting a sensitive data element with a non-sensitive equivalent
■ 3rd Party vendor solutions are available that integrate well with Hadoop
some places where there’s still some work to do
■ Setting up hadoop security controls is complex and time consuming
■ Not much support for SELinux around here
■ No general, coherent, policy-based framework for controlling resource access demands
■ Apache Knox is a starting point
■ => network and host resource access?
Integration
■ Integrating hadoop into an organisation’s services environment needs careful planning
■ Hadoop can conflict with established governance policies
■ system accounts & privileges
■ remote access
■ firewall flows
■ domains and trust
■ etc.
layered security in hadoop-core
■ Authentication: Kerberos
■ Authorisation: Local unix group or LDAP mappings
■ Authorisation: Sentry RBACS for hive/impala
■ Encryption: HDFS encryption
■ Encryption: SSL encryption for most services
■ Availability: Active/Passive failover HDFS, YARN, HBase
■ Integrity: HDFS block replication & CRC checksum
but what about poodle/heartbleed/shellshock/whatever...
■ underlines the need for a mature information security governance strategy & architecture
defence-in-depth
■ A layered security architecture for Hadoop clusters is doable
■ eg. MasterCard’s Cloudera Hadoop cluster achieved PCI compliance in 2014 http://goo.gl/FP5DUt
thanks for listening
be.linkedin.com/in/robertgibbon
www.bigindustries.be
