There’s one thing no one in the Hadoop community will argue about — namely, that the big data crunching technology’s enterprise features are growing quickly.
In fact, that may be one of the best things about the highly competitive market. Every vendor is continuously raising its game to win customers.
And in the Hadoop world, security is a hot issue. “Hadoop isn’t inherently secure,” said David Chaiken, CTO of Hadoop-as-a-Service (HaaS) provider Altiscale.
But that doesn’t mean that the Hadoop-based products or services that Enterprises pay for aren’t secure. On the contrary, that’s one of the reasons that the commercial vendors are in business. It’s what they add on to naked Apache Hadoop that creates differentiation.
Protect Me If You Can
There’s clearly no room in the enterprise for solutions that don’t protect data. As a result, Hadoop distro providers like Cloudera and Hortonworks, solution providers like Teradata and Actian and HaaS vendors like Altiscale keep raising their security plays in order to win business and serve their customers.
We reached out to commercial vendors in the market to ask about Hadoop’s security and suitability for the enterprise. Of course, they couldn’t help but tout their wares in the process.
And while normally we would edit that kind of thing out, in this case we’re leaving it in because it speaks directly to how each company addresses the protection of data in Hadoop.Here’s what they said.
Sam Heywood, Director, Product Management, Cloudera
“Comprehensive security for Hadoop must go beyond just checking a box, especially when dealing with Hadoop scale. Cloudera's platform provides multiple layers of security and governance that are built to maintain the business agility and flexibility that Hadoop provides, while providing the security necessary to meet stringent security regulations.”
When it comes to the need for acquiring third party add-ons to boost security, Heywood said, "Cloudera does not require add-ons to provide comprehensive, compliance-ready security. Hadoop clusters are deployed in enterprise environments with existing, well established InfoSec standards and investments in existing security tools to deliver those standards.
"While Cloudera's security is comprehensive, we recognize the importance of being able to integrate with the existing standards and technologies and have built our security and governance solutions to use these existing technologies so enterprises get value from their data faster.”
Heywood added that Cloudera offers comprehensive, compliance-ready security that addresses authentication, authorization, audit and compliant data protection via encryption and key management. “Our comprehensive security is built into the core of the platform and is ready for and being used in production by customers across multiple industries, “he said, adding that Cloudera is the first and only Hadoop distribution to achieve PCI compliance and MasterCard is operating a PCI-certified Cloudera EDH cluster.
Shaun Connolly, Chief Strategy Officer, Hortonworks
“Security is a top of mind requirement for every enterprise customer. We took steps last year to ensure that data stored in Hadoop is protected when we acquired XA Secure, now open source as Apache Ranger.
We believe securing Hadoop requires a centralized and comprehensive approach to security administration, authentication, authorization, audit and data protection at all levels of the platform.
The Hortonworks Data Platform addresses the complete set of security requirements and is the only Hadoop solution to provide a single pane of glass for the security administrator that enforces comprehensive security policy across the entire Hadoop stack. And our partnerships with security vendors such as Protegrity, Voltage Security, and Dataguise give enterprises the choice to leverage certified solutions that they’re using more broadly beyond Hadoop.”
David Chaiken, CTO, Altiscale
"Hadoop is not inherently highly secure. Achieving comprehensive security for Hadoop requires policies, procedures and technologies that are well beyond the basic security capabilities built into Hadoop.
Altiscale employs a multi-layered approach to data, network and systems protection in order to achieve high security.
This approach requires the kind of significant Hadoop expertise that we have at Altiscale. As a result, the Altiscale Data Cloud is a much more secure deployment than most others ‑ whether they are on-premises or hosted in the cloud."
Dan Graham, GM, Enterprise Systems, Teradata
“Products like Teradata Loom support both Kerberos and LDAP authentication to ensure only persons with Loom permissions can access Hadoop files.
Similarly, Think Big and Teradata Professional Services provide security architecture and implementation services for Apache Knox, Apache Ranger, access controls, encryption, auditing and operating system hardening.”
Emma McGrattan, SVP of Engineering, Actian
"Hadoop technology is young and still relatively immature when it comes to enterprise-strength security.
Actian has built security into our products from their inception. As a result we can now fortify sensitive data on Hadoop to the same level as one would expect in an enterprise data warehouse.
This means that our customers don’t have to rely on third-party solutions to secure their data on Hadoop like some of our competitors do with Apache Sentry.
Actian believes in openness and has built a security infrastructure that enables third party security solutions like OpenLDAP, Active Directory, Kerberos and others to integrate with the database so that the data that is on Hadoop can be protected as part of a standard enterprise security policy. Out of the box, Actian provides:
- Discretionary access control — The Database administrator can specify at the user, group or role level who can access what within the database.
- Role separation — A database administrator should have the ability to manage all of the data and access to the database, but shouldn’t have access to all of the data in a database.
- Query auditing— track who issued what query from where and when.
- Data encryption — we can encrypt data in motion
These built-in security features enable our customers to provide enterprise-class security without having to sacrifice performance, and they greatly enhance the enterprise-readiness of Hadoop.”
So for Enterprise IT managers who worry about security being an issue in Hadoop, here is the reality. Security can be an issue, unless you work with a commercial provider whose business it is to offer Hadoop-based solutions that will protect your business.
Finally, it should be noted that we did not get feedback from every player in the space.
We didn't approach all of them. Others just opted not to comment.
But based on what we’ve found, Hadoop solution providers are continuously working to make data in Hadoop more and more secure and they’re doing so at a rapid clip.
After all, unless enterprise managers are sure they can keep company data protected their adoption of Hadoop solutions won’t move much beyond the pilot stage.