Securing the Data Hub--Protecting your Customer IP (Technical Workshop)

Your data is your IP and its security is paramount. The last thing you want is for your data to become a target for threats. This workshop will focus on the realities of protecting your customer’s IP from external and internal threats with battle-hardened technologies and methodologies. Another key concept that will be examined is the connection of people, processes and technology. In addition, the session will take a look at authentication and authorisation, auditing and data lineage, as well as the different groups required to play a part in the modern data hub. We will also look at how to produce high-impact operation reports from Cloudera’s RecordService, a new core security layer that centrally enforces fine-grained access control policy, which helps close the feedback loop to ensure awareness of security as a living entity within your organisation.

  1. Securing the Data Hub: Protecting your Customer IP. Mahdi Askari, System Engineer, Cloudera. © Cloudera, Inc. All rights reserved.
  2. Building a Secure Big Data Environment. Mahdi Askari | Systems Engineer
  3. Today’s Agenda
     • Understanding the threat
     • Addressing the four pillars
     • In depth analysis
     • Role based access control (demo)
     • Navigator audit (demo)
     • Competitive comparison (discussion)
  4. Understanding the Threat
  5. Security: Why is this Important?
     • Big Data is maturing
     • Was initially used by a small segment of the organisation
     • Many solutions moving from the “can it work” to “how can we do it responsibly”
     • Focus on inside user threats:
       • Standard users
       • Administrators
       • Compromised accounts
  6. Threat: standard users
     • Big Data combines multiple datasets
     • A lot of value in the matched data
     • Very tempting to abuse:
       • Looking at ex-spouse’s or neighbours’ details
       • Dumping data to work on “offline” (on home systems)
       • Taking intellectual property to competitors
  7. Threat: administrators
     • Changing attitudes: administrators recognised as a point of failure
     • Have all the same incentives as regular users
     • Plus:
       • Can potentially remove all trace of dumps
       • Could encrypt all your data and take the keys to a non-extradition country
       • How much would you pay to get it back?
  8. Threat: compromised accounts
     • Technology is often hard to break. (At least ours ;-) )
     • Single point of failure is often the human element
     • Source: Kevin Mitnick: The Art of Deception
     • How would you recognise different behaviour?
  9. Addressing the Four Pillars
  10. Demonstration: RBAC
     • Sentry Service: allows dynamic change to security policy
     • Preferred over policy files (which require re-deployment)
     • We will demonstrate 3 core areas:
       • Basic RBAC on tables
       • RBAC on columns
       • RBAC on rows (via Record Service)
  11. Demo Roles and Access
     • User Bob: member of
       • Staff
       • Sensitive
     • User Alice: member of
       • Staff
       • Finance
  12. Demonstration: Navigator Audit
     • Cloudera provides an Enterprise Audit solution which is inescapable
     • Navigator Audit:
       • Even if the Audit Service is disabled, events are still gathered asynchronously
       • Administrator actions are audited
     • These are differentiators: competitor products don’t necessarily cover those points
  13. Cloudera Manager & Ambari Roles Hierarchy
     • Diagram labels: Full Administrator, Key Administrator, Cluster Administrator, Configurator, Operator, Limited Operator, Read Only, BDR Administrator, User Administrator, Navigator Administrator, Auditor; Ambari Roles
  14. Competitive Scenario: compliance-required auditing
     Required capability: all actions are audited and data access can be reconstructed.
     With HDP, Ranger admin:
       1. Turns off audit on a policy, and grants themselves access to a table.
       2. Reads data from the financial details DB.
       3. Sets policy back to the way it was.
       4. Security officer sees NONE of this.
       5. Uses the information to short the company on the margin.
     With Cloudera Enterprise, Cloudera admin:
       1. Grants themselves access to a given table. (Can’t turn off audit; could pause the service, but logs accumulate anyway.)
       2. Reads data from the financial details DB.
       3. Sets policy back to the way it was.
       4. Security officer sees ALL of this, alerts security.
       5. Admin is fired, arrested, escorted off property.
  15. Thank you. mahdi@cloudera.com | +61 432 126 777
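
The grant, read, revert sequence in the slide 14 scenario only gets noticed if something correlates the audit events. The following is an added example, not code from the deck or from Cloudera, showing that correlation over constructed audit events; the field names and operation names are hypothetical and are not Navigator's actual schema.

```python
from datetime import datetime, timedelta

# Constructed sample events. Field and operation names are hypothetical,
# chosen for this example; they are not Navigator's audit schema.
EVENTS = [
    {"ts": "2016-03-01T09:00:00", "user": "admin1", "op": "GRANT_PRIVILEGE",
     "grantee": "admin1", "table": "finance.details"},
    {"ts": "2016-03-01T09:02:10", "user": "admin1", "op": "QUERY",
     "table": "finance.details"},
    {"ts": "2016-03-01T09:05:30", "user": "admin1", "op": "REVOKE_PRIVILEGE",
     "grantee": "admin1", "table": "finance.details"},
    {"ts": "2016-03-01T10:00:00", "user": "admin2", "op": "GRANT_PRIVILEGE",
     "grantee": "alice", "table": "finance.details"},
    {"ts": "2016-03-01T10:01:00", "user": "alice", "op": "QUERY",
     "table": "finance.details"},
]


def find_self_grant_reads(events, window=timedelta(hours=1)):
    """Flag users who grant themselves access to a table and then read it.

    A finding is raised whether or not the grant is later reverted; the
    revert time is recorded because a quick revert suggests concealment.
    """
    open_grants = {}  # (user, table) -> finding under construction
    findings = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        key = (e["user"], e.get("table"))
        self_directed = e.get("grantee") == e["user"]
        if e["op"] == "GRANT_PRIVILEGE" and self_directed:
            open_grants[key] = {"user": e["user"], "table": e["table"],
                                "granted": ts, "reads": 0, "reverted": None}
        elif e["op"] == "QUERY" and key in open_grants:
            grant = open_grants[key]
            if ts - grant["granted"] <= window:
                grant["reads"] += 1
        elif e["op"] == "REVOKE_PRIVILEGE" and self_directed and key in open_grants:
            grant = open_grants.pop(key)
            grant["reverted"] = ts
            if grant["reads"]:
                findings.append(grant)
    # Self-grants that were read but never reverted are still findings.
    findings.extend(g for g in open_grants.values() if g["reads"])
    return findings


if __name__ == "__main__":
    for f in find_self_grant_reads(EVENTS):
        print(f["user"], f["table"], "reads:", f["reads"], "reverted:", f["reverted"])
```

The check depends on grant and revoke events being recorded at all, which is the point slide 12 makes about administrator actions being audited.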
