Cloudera Not Cutting It With Big Data Security

Cloudera Not Cutting It With Big Data Security 

Cloudera is, for the moment, a dominating presence in the open source Hadoop landscape; but does it have staying power? While Cloudera’s Big Data platform is the darling of the Hadoop space, they and their open source distribution competitors have so far failed to adequately address the elephant in the room: enterprise data security.

Cloudera’s Chief Architect and creator of Hadoop, Doug Cutting, recently discussed the growing value of Big Data in a CNBC Squawk Box segment, but nervously glossed over the subject of data security when it was raised. Benzinga reported Cutting as saying that, “…the value of Cloudera outweighs most security concerns,” thereby demonstrating a level of hubris and naivety that should put every IT security professional on high alert.  Their dismissive approach to Big Data security should really come as no surprise. Hadoop was not written with security in mind, and to date, the open source Hadoop community, including Cloudera, has not focused on addressing this critical gap.  For enterprise organizations with data at risk, especially those companies that must adhere to regulatory compliance mandates, this should be cause for concern.

Hadoop was a spin-off sub-project of Apache Lucene and Nutch projects, which are based on a MapReduce framework and a distributed file system. That initial application, web indexing, did not require any integrated security.  Hadoop is also the open-source version of the Google MapReduce framework, and the data being stored (public URLs) was not subject to privacy regulation. The open source Hadoop community supports some security features through the current implementation of Kerberos, the use of firewalls, and basic HDFS permissions.  However, Kerberos is difficult to install, configure, and integrate with Active Directory (AD) and Lightweight Directory Access Protocol, (LDAP) services.  Even with special network configuration, a firewall has limited effectiveness, can only restrict access on an IP/port basis, and knows nothing of the Hadoop File System or Hadoop itself.

Enterprises want the same security capabilities for Big Data as they have now for “non-Big Data” information systems, including solutions that address user authentication, access control, policy enforcement, and encryption.  Many organizations require these Big Data safeguards in order to maintain regulatory compliance with HIPAA, HITECH, SOX, PCI/DSS, and other security and privacy mandates.  But they won’t find those safeguards in open source Hadoop distributions today.  Community initiatives underway such as Knox and Rhino are intended to improve Hadoop’s security posture, but tangible results will take time and will certainly lag behind more aggressive commercial efforts.

Cloudera and other distribution vendors are essentially branding open source Hadoop, along with its inherent security limitations.  While Cloudera is perceived as a software company, in reality the vast majority of its revenue is derived from professional services, training, and support.  It’s unlikely that Cloudera will suddenly invert its business model and come to the rescue with an integrated software solution for data security.  Does this mean that Cloudera and other open source Hadoop solutions are dangerous to deploy?  Only if IT organizations ignore the inherent security gaps and risks involved, and do not take adequate precautions to secure the data store.

The recent $45 million cybercrime heist involving ATM machines in New York and around the world is a perfect example of how unauthorized access to a compromised data store can result in tremendous financial loss to the victimized financial institution.  And, by the way, ATM transaction records are exactly the kind of unstructured Big Data that ends up being stored in a Hadoop environment.

For organizations needing robust Big Data security now, Orchestrator, a commercial software solution from Zettaset, provides enterprise-class security that is embedded in the Big Data cluster itself, moving security as close as possible to the data, and providing protection that perimeter security devices such as firewalls simply cannot deliver.   Zettaset’s Orchestrator software automates cluster management and security, and works in conjunction with most Hadoop distributions, including Cloudera’s, to address open source vulnerabilities in datacenter environments where security and compliance is a business imperative.

While open source Hadoop solutions such as Cloudera’s do indeed have value, make no mistake: The security demands of today’s at-risk enterprises clearly represent a much higher priority for IT professionals and the organizations they serve.

By Jim Vogt /  Zettaset CEO

With more than 25 years of leadership experience in both start-up and established corporations, Jim Vogt brings a wealth of business and technology expertise to his role as president and CEO of Zettaset. Most recently, Jim served as senior vice president and general manager of the Cloud Services business unit at Blue Coat Systems. Prior to Blue Coat, he served as president and CEO at Trapeze Networks, which was acquired by Belden, Inc. He was also president and CEO at data encryption start-up Ingrian Networks (acquired in April, 2008 by SafeNet).

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

3 Responses to Cloudera Not Cutting It With Big Data Security

  1. I completely agree that statements like  “…the value of Cloudera outweighs most security concerns,” should be cause for alarm. However, security belongs right-up front in any deployment or integration project as a key part of the design phase. Adding security after deployment often leads to compromises or overlooked gaps. Having the security hooks baked in from the beginning is often a great approach, and I look forward to seeing how Zettaset evolves in relation to big data security.

  2. Nice post, Jim. However, I disagree with the fundamental premise that Cloudera is not doing enough to address Hadoop security. In fact, I think they’re taking the right approach by tackling security through their partner ecosystem vs. bolting on heavy-duty security to Hadoop themselves. This allows Cloudera to focus more on their core business of providing customers with a better, faster, stronger, more enterprise-ready big data systems, while leaving the all-important job of data security to the experts in their respective fields. I wrote a blog on this topic, which you can find here: http://www.gazzang.com/blog.

  3. I’m pleased to see that this blog has generated some good discussion.   I want to point out that my original criticism of Cloudera arose from their executive management’s surprising assertion that the value of their Hadoop distribution outweighs the overall need for data security in the enterprise.  I think everyone who understands enterprise data security, especially IT professionals who are responsible for risk management, will agree with me.  Despite what Cloudera management says, the need for security in the Big Data environment is paramount.  The awareness of that need is apparent to the enterprises and partners that we work with, who clearly view Hadoop’s security limitations as a barrier to broader adoption, and are seeking a strong foundational approach to Hadoop cluster security.   The “build today, secure tomorrow” approach won’t work with organizations in regulated industries.  Enterprises that deal with data-of-consequence such as individual financial, health, or retail transaction records, understand the serious nature of a datastore breach and its potential impact on the business, and are looking for security solutions that extend beyond the open source capabilities.  In order for Hadoop adoption to accelerate, it is important that open source Hadoop distribution vendors openly acknowledge the security gap to the market, deal with the issue transparently, and not dismiss security as an after-thought.  Although there are multiple projects addressing this in the open source community, that will take some time.  Zettaset has published a http://www.zettaset.com/info-center/datasheets/zettaset_wp_security_0413.pdf that addresses this issue in more detail, and we are accelerating  the adoption of Hadoop for enterprises with a secure solution which complements the open source today.

How Your Business Can Overcome Its Fear of BYOD

How Your Business Can Overcome Its Fear of BYOD

Overcoming BYOD Fear While the popularity of the remote workforce has been on the rise, more and more people are returning to the office to work out of fear that their business data isn’t secure, according to a Neustar report. A whopping 83 percent of respondents are worried about the security of their files, and 27…

Finally, The Time For Security Information Event Management (SIEM)

Finally, The Time For Security Information Event Management (SIEM)

The Time For SIEM Security Information Event Management (SIEM) tools have been around for a long time. My first encounter with a SIEM vendor was about twenty years ago while being courted to resell their product. To this day, I still recall two vivid memories from that meeting; the product was very complex and quite…

Hoarders And Data Collectors:  On The Brink Of Unmanageability

Hoarders And Data Collectors: On The Brink Of Unmanageability

Hoarders and Data Collectors In our physical world, hoarders are deemed “out of control” when they collect too much.  Surely the same analogy applies in our online world.  When providers collect realms of data from us, it seems they lose control of that too?  In the last months it’s not just the frequency of data…

Are You SURE You Are Ready For The Cloud?: Security of Business

Are You SURE You Are Ready For The Cloud?: Security of Business

Cloud Business Security Last month I went into the financial side of moving to the cloud. This month I am going to focus on the other main reason I have seen customers migrate to the cloud: Security of business. When I say security, I do not mean username and passwords, but a stability of the environment…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

New Smartphones From Apple, Samsung and HTC Promise To Light Up 2016

New Smartphones From Apple, Samsung and HTC Promise To Light Up 2016

New Smartphones from Apple, Samsung and HTC (Sponsored post courtesy of Verizon Wireless) The launch of the Galaxy S7 Edge at the Mobile World Congress in Barcelona during February was the first shot in a vintage year for mobile phones. The S7 is an incredible piece of hardware, but launches from HTC and Apple later in the…

Featured Sponsored Articles
How Successful Businesses Ensure Quality Team Communication

How Successful Businesses Ensure Quality Team Communication

Quality Team Communication  (Sponsored post courtesy of Hubgets) Successful team communication and collaboration are as vital to project and overall business success as the quality of products and services an organization develops. We rely on a host of business tools to ensure appropriate customer interactions, sound product manufacturing, and smooth back-end operations. However, the interpersonal relationships…

Featured Sponsored Articles
How To Develop A Business Continuity Plan Using Internet Performance Management

How To Develop A Business Continuity Plan Using Internet Performance Management

Internet Performance Management Planning CDN Performance Series Provided By Dyn In our previous post, we laid out the problems of business continuity and Internet Performance Management in today’s online environment.  In this article, we will take a look at some of the ways you can use traffic steering capabilities to execute business continuity planning and…

Featured Sponsored Articles

CloudTweaks is recognized as one of the leading influencers in cloud computing, infosec, big data and the internet of things (IoT) information. Our goal is to continue to build our growing information portal by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Sponsor