Cloudera Not Cutting It With Big Data Security

Cloudera Not Cutting It With Big Data Security 

Cloudera is, for the moment, a dominating presence in the open source Hadoop landscape; but does it have staying power? While Cloudera’s Big Data platform is the darling of the Hadoop space, they and their open source distribution competitors have so far failed to adequately address the elephant in the room: enterprise data security.

Cloudera’s Chief Architect and creator of Hadoop, Doug Cutting, recently discussed the growing value of Big Data in a CNBC Squawk Box segment, but nervously glossed over the subject of data security when it was raised. Benzinga reported Cutting as saying that, “…the value of Cloudera outweighs most security concerns,” thereby demonstrating a level of hubris and naivety that should put every IT security professional on high alert.  Their dismissive approach to Big Data security should really come as no surprise. Hadoop was not written with security in mind, and to date, the open source Hadoop community, including Cloudera, has not focused on addressing this critical gap.  For enterprise organizations with data at risk, especially those companies that must adhere to regulatory compliance mandates, this should be cause for concern.

Hadoop was a spin-off sub-project of Apache Lucene and Nutch projects, which are based on a MapReduce framework and a distributed file system. That initial application, web indexing, did not require any integrated security.  Hadoop is also the open-source version of the Google MapReduce framework, and the data being stored (public URLs) was not subject to privacy regulation. The open source Hadoop community supports some security features through the current implementation of Kerberos, the use of firewalls, and basic HDFS permissions.  However, Kerberos is difficult to install, configure, and integrate with Active Directory (AD) and Lightweight Directory Access Protocol, (LDAP) services.  Even with special network configuration, a firewall has limited effectiveness, can only restrict access on an IP/port basis, and knows nothing of the Hadoop File System or Hadoop itself.

Enterprises want the same security capabilities for Big Data as they have now for “non-Big Data” information systems, including solutions that address user authentication, access control, policy enforcement, and encryption.  Many organizations require these Big Data safeguards in order to maintain regulatory compliance with HIPAA, HITECH, SOX, PCI/DSS, and other security and privacy mandates.  But they won’t find those safeguards in open source Hadoop distributions today.  Community initiatives underway such as Knox and Rhino are intended to improve Hadoop’s security posture, but tangible results will take time and will certainly lag behind more aggressive commercial efforts.

Cloudera and other distribution vendors are essentially branding open source Hadoop, along with its inherent security limitations.  While Cloudera is perceived as a software company, in reality the vast majority of its revenue is derived from professional services, training, and support.  It’s unlikely that Cloudera will suddenly invert its business model and come to the rescue with an integrated software solution for data security.  Does this mean that Cloudera and other open source Hadoop solutions are dangerous to deploy?  Only if IT organizations ignore the inherent security gaps and risks involved, and do not take adequate precautions to secure the data store.

The recent $45 million cybercrime heist involving ATM machines in New York and around the world is a perfect example of how unauthorized access to a compromised data store can result in tremendous financial loss to the victimized financial institution.  And, by the way, ATM transaction records are exactly the kind of unstructured Big Data that ends up being stored in a Hadoop environment.

For organizations needing robust Big Data security now, Orchestrator, a commercial software solution from Zettaset, provides enterprise-class security that is embedded in the Big Data cluster itself, moving security as close as possible to the data, and providing protection that perimeter security devices such as firewalls simply cannot deliver.   Zettaset’s Orchestrator software automates cluster management and security, and works in conjunction with most Hadoop distributions, including Cloudera’s, to address open source vulnerabilities in datacenter environments where security and compliance is a business imperative.

While open source Hadoop solutions such as Cloudera’s do indeed have value, make no mistake: The security demands of today’s at-risk enterprises clearly represent a much higher priority for IT professionals and the organizations they serve.

By Jim Vogt /  Zettaset CEO

With more than 25 years of leadership experience in both start-up and established corporations, Jim Vogt brings a wealth of business and technology expertise to his role as president and CEO of Zettaset. Most recently, Jim served as senior vice president and general manager of the Cloud Services business unit at Blue Coat Systems. Prior to Blue Coat, he served as president and CEO at Trapeze Networks, which was acquired by Belden, Inc. He was also president and CEO at data encryption start-up Ingrian Networks (acquired in April, 2008 by SafeNet).

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Cloud Email Migration In today’s litigious society, preserving your company’s data is a must if you (and your legal team) want to avoid hefty fines for data spoliation. But what about when you move to the cloud? Of course, you’ve probably thought of this already. You’ll have a migration strategy in place and you’ll carefully…

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises The surface costs might give you pause, but the cost of diminishing your differentiators is far greater. Will a shift to the cloud save you money? Potential savings are historically the main business driver cited when companies move to the cloud, but it shouldn’t be viewed as a cost-saving exercise. There…

Staying on Top of Your Infrastructure-as-a-Service Security Responsibilities

Staying on Top of Your Infrastructure-as-a-Service Security Responsibilities

Infrastructure-as-a-Service Security It’s no secret many organizations rely on popular cloud providers like Amazon and Microsoft for access to computing infrastructure. The many perks of cloud services, such as the ability to quickly scale resources without the upfront cost of buying physical servers, have helped build a multibillion-dollar cloud industry that continues to grow each…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…

Technology Influencer in Chief: 5 Steps to Success for Today’s CMOs

Technology Influencer in Chief: 5 Steps to Success for Today’s CMOs

Success for Today’s CMOs Being a CMO is an exhilarating experience – it’s a lot like running a triathlon and then following it with a base jump. Not only do you play an active role in building a company and brand, but the decisions you make have direct impact on the company’s business outcomes for…

The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the business world as a whole. In 1983, the first commercially handheld mobile phone debuted and provided workers with an unprecedented amount of availability, leading to more productivity and profits. More recently, the Cloud has taken…

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Federal Government Cloud Adoption No one has ever accused the U.S. government of being technologically savvy. Aging software, systems and processes, internal politics, restricted budgets and a cultural resistance to change have set the federal sector years behind its private sector counterparts. Data and information security concerns have also been a major contributing factor inhibiting the…

The Security Gap: What Is Your Core Strength?

The Security Gap: What Is Your Core Strength?

The Security Gap You’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting your…