As adoption of NoSQL solutions like Apache Cassandra grows, so too does the likelihood that organizations will use it to capture and analyze sensitive data. Enterprises that don't take every precaution to protect this data leave themselves exposed to the risk of a data breach and, depending on the regulatory nature of the data, fines for noncompliance. This session will discuss how transparent data encryption and advanced key management protect data at rest and in flight, so regardless of where the data resides (on premises or in the cloud) it remains garbled and unreadable to all people, processes and applications that don't require immediate access. The session will also cover DevOps automation tools that ensure rapid distributed deployment of big data security across thousands of nodes.
C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood
1. Lock it Up: Securing Sensitive Data
Sam Heywood, vice president of marketing, Gazzang
2. * Flexibility
* Scalability
* Performance
* Manage massive volumes of structured and unstructured data
Apache Cassandra Benefits
4. * Personally identifiable information
* Insurance claim details
* Genomics research data
* Customer profile data
* Medical treatment histories
* Confidential financial records
* Student records
* DRM data
* Social media credentials
* GPS location data
Datasets Our Customers are Managing with Cassandra
11. * The average cost of a data breach in the US is $5.5 million
* In March, the U.S. Department of HHS and BCBS of Tennessee settled for $1.5 million for potential HIPAA violations
• 1 million individuals' records were breached off unencrypted hard drives
• Stronger HIPAA rules increase fines for non-compliance
Breaches are Expensive
12. It’s the Right Thing To Do For Your Customers
Most Importantly…
13. * “I need to protect sensitive data in my cloud”
• Ensure sensitive data and encryption keys are never stored in plain text or exposed publicly
• Maintain control of your encryption keys and your regulatory data to ensure compliance
* “Help me secure my big data infrastructure”
• Harden Big Data infrastructures that have weak security and no cryptographic protection
• Maintain Big Data performance and availability
What We Hear From Our Customers
14. * “I need to maintain control of my keys”
• Manage the rapid growth of key, certificate, token, and object proliferation caused by cloud/Big Data adoption
• Consolidate IT security objects and bring them under a consistent set of controls and policies
* “My cloud provider should not have access to my data”
• Deploy multi-factor authentication in the cloud
• Establish and enforce robust access controls for sensitive objects
What We Hear From Our Customers
15. * zNcrypt™
• Provides transparent data encryption to secure Big Data (NoSQL and SQL open source platforms) in the cloud or on premises.
* zTrustee™
• A software only “virtual HSM” to manage and secure ANY opaque IT object. Policy-driven vault for securing and managing an organization’s most important IT security items (cryptographic keys, tokens, certificates, configs, and more).
* zOps™
• A single, unified console for monitoring Gazzang actions and their impact on the “Big Data stack” (security threats, cloud integrity, IO, performance, machine behavior and more).
The Gazzang Solution Suite
16. zNcrypt sits between the file system and any database, application or service running on Linux to encrypt data before it is written to disk.
• AES-256 encryption
• Process-based ACLs
• Multiple encrypted mount points
• Requires no changes to app, data or storage
• Enterprise scalability
• Packaged support for Cassandra, Hadoop, MongoDB, MySQL, PostgreSQL, Riak
Gazzang File Level Encryption
17. Securing “opaque objects” with policy management and adaptive “trustee” authorization capabilities
Gazzang zTrustee™ - Controlling Authentication Objects
• Trustee votes
• Time to live
• Retrieval limits
• Single-use URL
• Client permissions
Trustees must approve release of objects in accordance with the deposit policy
API Library
• Java
• Python
• C library
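A small model of the release decision slide 17 describes, added here as an example; it is not Gazzang code and not the zTrustee API. The `Deposit` class, its field names and the order of the checks are assumptions made for illustration.

```python
# Hypothetical model of a deposit policy; names are illustrative, not the zTrustee API.
import secrets
import time
from dataclasses import dataclass, field

@dataclass
class Deposit:
    """A stored opaque object plus the release policy fixed at deposit time."""
    blob: bytes
    trustees: frozenset          # identities allowed to vote
    votes_required: int          # trustee votes needed before any release
    expires_at: float            # time to live, as an absolute epoch time
    retrieval_limit: int         # maximum number of successful releases
    allowed_clients: frozenset   # client permissions
    approvals: set = field(default_factory=set)
    retrievals: int = 0
    tokens: set = field(default_factory=set)   # outstanding single-use URL tokens

    def approve(self, trustee):
        if trustee not in self.trustees:
            raise PermissionError("not a trustee for this deposit")
        self.approvals.add(trustee)   # a set, so a repeated vote counts once

    def issue_url_token(self):
        token = secrets.token_urlsafe(16)
        self.tokens.add(token)
        return token

    def retrieve(self, client, token, now=None):
        now = time.time() if now is None else now
        # Consume the token before any other check, so a URL can never be
        # replayed, even when this request ends up denied.
        if token not in self.tokens:
            return None, "unknown or already used URL"
        self.tokens.discard(token)
        if now >= self.expires_at:
            return None, "deposit expired"
        if client not in self.allowed_clients:
            return None, "client not permitted"
        if len(self.approvals) < self.votes_required:
            return None, "awaiting trustee approval"
        if self.retrievals >= self.retrieval_limit:
            return None, "retrieval limit reached"
        self.retrievals += 1
        return self.blob, "released"
```

Every denial returns a reason string, which is what an audit log would record alongside the client identity.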
18. * Install zNcrypt
• Package managers (yum, apt-get) and Chef
* Create master encryption key
• Passphrase method (optional “split security”)
• RSA Key file method
* Create ACLs
• Simple command-lines (ALLOW/DENY style)
• Almost any process or script allowed:
• Virtually any application, process or script: Apache, Tomcat, MongoDB, MySQL, backup software, document management, etc
* Encrypt data
• Simple command line calls, down to the file level
Ease of Deployment
21. * Headquartered in Austin, TX
* Focused on high-performance data encryption and key management
* Specialize in securing cloud and big data environments: Apache Cassandra and Hadoop
* Serve a variety of verticals: Health care, retail, government, education, IT
About Gazzang
22. * Visit www.gazzang.com/csummitsf
• Take our survey for a chance to win a $200 Amex
• Download our “Securing Cassandra” white paper
• Watch the Gazzang-DataStax security webinar
• Stop by our booth for a chance to win a GoPro camera
* Email sales@gazzang.com to set up a demo
Thank You