Cloudera Not Cutting It With Big Data Security

Cloudera Not Cutting It With Big Data Security 

Cloudera is, for the moment, a dominating presence in the open source Hadoop landscape; but does it have staying power? While Cloudera’s Big Data platform is the darling of the Hadoop space, they and their open source distribution competitors have so far failed to adequately address the elephant in the room: enterprise data security.

Cloudera’s Chief Architect and creator of Hadoop, Doug Cutting, recently discussed the growing value of Big Data in a CNBC Squawk Box segment, but nervously glossed over the subject of data security when it was raised. Benzinga reported Cutting as saying that, “…the value of Cloudera outweighs most security concerns,” thereby demonstrating a level of hubris and naivety that should put every IT security professional on high alert.  Their dismissive approach to Big Data security should really come as no surprise. Hadoop was not written with security in mind, and to date, the open source Hadoop community, including Cloudera, has not focused on addressing this critical gap.  For enterprise organizations with data at risk, especially those companies that must adhere to regulatory compliance mandates, this should be cause for concern.

Hadoop was a spin-off sub-project of Apache Lucene and Nutch projects, which are based on a MapReduce framework and a distributed file system. That initial application, web indexing, did not require any integrated security.  Hadoop is also the open-source version of the Google MapReduce framework, and the data being stored (public URLs) was not subject to privacy regulation. The open source Hadoop community supports some security features through the current implementation of Kerberos, the use of firewalls, and basic HDFS permissions.  However, Kerberos is difficult to install, configure, and integrate with Active Directory (AD) and Lightweight Directory Access Protocol, (LDAP) services.  Even with special network configuration, a firewall has limited effectiveness, can only restrict access on an IP/port basis, and knows nothing of the Hadoop File System or Hadoop itself.

Enterprises want the same security capabilities for Big Data as they have now for “non-Big Data” information systems, including solutions that address user authentication, access control, policy enforcement, and encryption.  Many organizations require these Big Data safeguards in order to maintain regulatory compliance with HIPAA, HITECH, SOX, PCI/DSS, and other security and privacy mandates.  But they won’t find those safeguards in open source Hadoop distributions today.  Community initiatives underway such as Knox and Rhino are intended to improve Hadoop’s security posture, but tangible results will take time and will certainly lag behind more aggressive commercial efforts.

Cloudera and other distribution vendors are essentially branding open source Hadoop, along with its inherent security limitations.  While Cloudera is perceived as a software company, in reality the vast majority of its revenue is derived from professional services, training, and support.  It’s unlikely that Cloudera will suddenly invert its business model and come to the rescue with an integrated software solution for data security.  Does this mean that Cloudera and other open source Hadoop solutions are dangerous to deploy?  Only if IT organizations ignore the inherent security gaps and risks involved, and do not take adequate precautions to secure the data store.

The recent $45 million cybercrime heist involving ATM machines in New York and around the world is a perfect example of how unauthorized access to a compromised data store can result in tremendous financial loss to the victimized financial institution.  And, by the way, ATM transaction records are exactly the kind of unstructured Big Data that ends up being stored in a Hadoop environment.

For organizations needing robust Big Data security now, Orchestrator, a commercial software solution from Zettaset, provides enterprise-class security that is embedded in the Big Data cluster itself, moving security as close as possible to the data, and providing protection that perimeter security devices such as firewalls simply cannot deliver.   Zettaset’s Orchestrator software automates cluster management and security, and works in conjunction with most Hadoop distributions, including Cloudera’s, to address open source vulnerabilities in datacenter environments where security and compliance is a business imperative.

While open source Hadoop solutions such as Cloudera’s do indeed have value, make no mistake: The security demands of today’s at-risk enterprises clearly represent a much higher priority for IT professionals and the organizations they serve.

By Jim Vogt /  Zettaset CEO

With more than 25 years of leadership experience in both start-up and established corporations, Jim Vogt brings a wealth of business and technology expertise to his role as president and CEO of Zettaset. Most recently, Jim served as senior vice president and general manager of the Cloud Services business unit at Blue Coat Systems. Prior to Blue Coat, he served as president and CEO at Trapeze Networks, which was acquired by Belden, Inc. He was also president and CEO at data encryption start-up Ingrian Networks (acquired in April, 2008 by SafeNet).

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

3 Responses to Cloudera Not Cutting It With Big Data Security

  1. I completely agree that statements like  “…the value of Cloudera outweighs most security concerns,” should be cause for alarm. However, security belongs right-up front in any deployment or integration project as a key part of the design phase. Adding security after deployment often leads to compromises or overlooked gaps. Having the security hooks baked in from the beginning is often a great approach, and I look forward to seeing how Zettaset evolves in relation to big data security.

  2. Nice post, Jim. However, I disagree with the fundamental premise that Cloudera is not doing enough to address Hadoop security. In fact, I think they’re taking the right approach by tackling security through their partner ecosystem vs. bolting on heavy-duty security to Hadoop themselves. This allows Cloudera to focus more on their core business of providing customers with a better, faster, stronger, more enterprise-ready big data systems, while leaving the all-important job of data security to the experts in their respective fields. I wrote a blog on this topic, which you can find here: http://www.gazzang.com/blog.

  3. I’m pleased to see that this blog has generated some good discussion.   I want to point out that my original criticism of Cloudera arose from their executive management’s surprising assertion that the value of their Hadoop distribution outweighs the overall need for data security in the enterprise.  I think everyone who understands enterprise data security, especially IT professionals who are responsible for risk management, will agree with me.  Despite what Cloudera management says, the need for security in the Big Data environment is paramount.  The awareness of that need is apparent to the enterprises and partners that we work with, who clearly view Hadoop’s security limitations as a barrier to broader adoption, and are seeking a strong foundational approach to Hadoop cluster security.   The “build today, secure tomorrow” approach won’t work with organizations in regulated industries.  Enterprises that deal with data-of-consequence such as individual financial, health, or retail transaction records, understand the serious nature of a datastore breach and its potential impact on the business, and are looking for security solutions that extend beyond the open source capabilities.  In order for Hadoop adoption to accelerate, it is important that open source Hadoop distribution vendors openly acknowledge the security gap to the market, deal with the issue transparently, and not dismiss security as an after-thought.  Although there are multiple projects addressing this in the open source community, that will take some time.  Zettaset has published a http://www.zettaset.com/info-center/datasheets/zettaset_wp_security_0413.pdf that addresses this issue in more detail, and we are accelerating  the adoption of Hadoop for enterprises with a secure solution which complements the open source today.

Cloud Infographic – Interesting Big Data Facts

Cloud Infographic – Interesting Big Data Facts

Big Data Facts You Didn’t Know The term Big Data has been buzzing around tech circles for a few years now. Forrester has defined big data as “Technologies and techniques that make capturing value from data at an extreme scale economical.” The key word here is economical. If the costs of extracting, processing, and making use…

Cloud Infographic – The Internet Of Things In 2020

Cloud Infographic – The Internet Of Things In 2020

The Internet Of Things In 2020 The growing interest in the Internet of Things is amongst us and there is much discussion. Attached is an archived but still relevant infographic by Intel which has produced a memorizing snapshot at how the number of connected devices have exploded since the birth of the Internet and PC.…

Mobile Connected Technologies – The Future Of The Healthcare Industry

Mobile Connected Technologies – The Future Of The Healthcare Industry

Mobile Connected Technologies Clinics, hospitals, and other healthcare facilities are embracing new mobile technologies in order to be more efficient in their daily tasks. With faster communication and better collaboration, clinicians can spend much less time handling medical devices and more time administering care to their patients. Industry experts are stating that mobile connected technologies…

Cloud Infographic – Cloud Computing And SMEs

Cloud Infographic – Cloud Computing And SMEs

Cloud Computing And SMEs SMEs (Small/Medium Sized Enterprises) make up the bulk of businesses today. Most cloud based applications created today are geared toward the SME market. Accounting, Storage, Backup services are just a few of them. According to the European Commission, cloud based technology could help 80% of organisations reduce costs by 10-20%. This infographic provided…

5 Predictions For Education Technology

5 Predictions For Education Technology

Education Technology Although technology has fast influenced most sectors of our world, education is an area that’s lagged behind. Many classrooms still employ the one-to-many lecturing model wherein the average student is catered for while a few are left behind, and others bored. Recently, there’s been a drive to uncover how to use technology successfully…

Explosive Growth Of Data-Driven Marketing

Explosive Growth Of Data-Driven Marketing

Data-Driven Marketing There is an absolute endless amount of data that is being accumulated, dissected, analyzed with the important bits extracted and used for a number of purposes. With the amount of data in the world has already reached into multiple zettabytes annually. A Zettabyte is one million petabytes or one thousand exabytes. With data…

Why Small Businesses Need A Business Intelligence Dashboard

Why Small Businesses Need A Business Intelligence Dashboard

The Business Intelligence Dashboard As a small business owner you would certainly know the importance of collecting and analyzing data pertaining to your business and transactions. Business Intelligence dashboards allow not only experts but you also to access information generated by analysis of data through a convenient display. Anyone in the company can have access…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

Cloud Computing – A Requirement For Greater Innovation

Cloud Computing – A Requirement For Greater Innovation

Cloud Computing Innovation Sao Paulo, Brazil has had trouble with both energy and water supplies as of late. Despite it is the rainy period. Unfortunately Sao Paulo is very dependent on its rain as a majority of its power is generated from large dams. No water, no energy. Difficult situation for a city of some…

Cloud Computing Then & Now

Cloud Computing Then & Now

The Evolving Cloud  From as early as the onset of modern computing, the possibility of resource distribution has been explored. Today’s cloud computing environment goes well beyond what most could even have imagined at the birth of modern computing and innovation in the field isn’t slowing. A Brief History Matillion’s interactive timeline of cloud begins…