Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Databases

Securing Native Big Data Deployments

advertisement 
Securing Native Big Data
Deployments
Steven C. Markey, MSIS, PMP, CISSP, CIPP/US , CISM, CISA, STS-EV, CCSK, Cloud +
Principal, nControl, LLC
Adjunct Professor
Securing Big Data
• Presentation Overview
– Why Should You Care?
– Big Data Overview
– Securing Native Big Data Deployments
Securing Big Data
• Why Should You Care
– Organizational Cost Reduction Requirements
• Justify Investments
• Improve Efficiencies (Productivity, Time to Market)
– Digital Information – 60%~ Annual Growth Rate (AGR)
– Data Storage – 15-20% AGR Capital Expense (CapEx)
– Categorization, Classification & Retention Magnify
• Compliance, Legal & Privacy Regulations
– Prevalent & Interconnected Business Ecosystems
•
•
•
•
Supply Chains
Business Process Outsourcers (BPO)
Information Technology Outsourcers (ITO)
Vendor’s Vendors
Source: IDC
Securing Big Data
Source: Flickr
Securing Big Data
• Big Data Overview
– Aggregated Data from the Following Sources
• Traditional
• Sensory
• Social
Securing Big Data
• Traditional Data
– Database Management Systems
•
•
•
•
Relational Database Management Systems (RDBMS)
Object-Oriented Database Management Systems (OODBMS)
Non-Relational, Distributed DB Management Systems (NRDBMS)
Mobile Databases (SQLite, Oracle Lite)
– Online Transaction Processing (OLTP)
• Real-Time Data Warehousing
– Online Analytical Processing (OLAP)
• Operational Data Stores (ODS)
• Enterprise Data Warehouses (EDW)
Securing Big Data
• Traditional Data
– OLAP
• Business Intelligence (BI)
– Data Mining
– Reporting
– OLAP (Continued)
» Relational OLAP (ROLAP)
» Multi-Dimensional OLAP (MOLAP)
» Hybrid OLAP (HOLAP)
OLTPODSEDW (Data Marts)BI (Data Mining)
OLTPODSEDW (Data Marts)BI (Reporting)
OLTPODSEDW (Data Marts)BI (OLAP)
Securing Big Data
• Source Data
– Log Files
• Event Logs / Operating System (OS) - Level
• Appliance / Peripherals
• Analyzers / Sniffers
– Multimedia
• Image Logs
• Video Logs
– Web Content Management (WCM)
• Web Logs
• Search Engine Optimization (SEO)
– Web Metadata
OpenStack
Monitoring/Metering
(Ceilometer)
Metrics
Messaging (Oslo)
Object Store (Swift)
Erasure
Object Storage
Code
Policy
Image Store (Glance)
OVF Meta-Data Import
User Interface (Horizon)
Expose Enhancements
Web Messaging (Zaqar)
Compute (Nova)
Enhanced Platform Awareness
Trusted Compute Pools
(Extended with Geo Tagging)
Block Storage (Cinder)
Filter Scheduler
Network Services (Neutron)
Intel® DPDK vSwitch
Advanced Services in VMs
Intelligent Workload Scheduling
Key Encryption & Management
VPN-as-a-Service (with Intel® QuickAssist Technology)
Key Service (Barbican)
10
Securing Big Data
• Big Data Overview
– Aggregators
• Mostly NRDBMS Implemtations
– Not only – Structured Query Language (NoSQL)
• NRDBMS Examples
–
–
–
–
Column Family Stores: BigTable (Google), Cassandra & HBase (Apache)
Key-Values Stores: App Engine DataStore (Google) & DynamoDB
Document Databases: CouchDB, MongoDB
Graph Databases: Neo4J
Securing Big Data
• Big Data Overview
– Serial Processing
• Hadoop
– Hadoop Distributed File System (HDFS)
– Hive – DW
– Pig – Querying Language
• Riak
– Parallel Processing
• HadoopDB
– Analytics
• Google MapReduce
• Apache MapReduce
• Splunk (for Security Information / Event Management [SIEM])
Securing Big Data
Securing Big Data
Securing Big Data
Securing Big Data
Securing Big Data
Source: Cloudera
Source: Wikispaces
Source: Google
Source: Cloudera
Source: Flickr
Securing Big Data
• Securing Cloud-Based NRDBMS Solutions
– General
• Focus on Application / Middleware-Level Security
–
–
–
–
Single Sign-on (SSO)
SQL Injections Are Still Possible
Leverage Application IAM for NRDBMS User Rights Mgmt (URM)
Leverage Application & System Logging for Accounting
• Segregation of Duties
– Read / Write Namespaces
– Read-Only Namespaces
– Specific
• Cryptography & Obfuscation
– Homomorphic Encryption
– Stateless Tokenization
SSO: Good, Bad & Ugly
• SSO Standards & Categories:
– Network: LDAP, Kerberos, RADIUS, RDBMS
–e.g., OpenLDAP, AD, Tivoli Access Manager
– Federated: SAML, OpenID, OAuth, WS-Federated, XACML
–e.g., Keycloak, PingFederate, ADFS, RSA Federated
SSO: Good, Bad & Ugly
Source: Microsoft
SSO: Good, Bad & Ugly
Source: OASIS
SSO: Good, Bad & Ugly
Source: OASIS
Source: Apache
Securing Big Data
Securing Big Data
Securing Big Data
Securing Big Data
Securing Big Data
+
=
Securing Big Data
Securing Big Data
Securing Big Data
Securing Big Data
Securing Big Data
Securing Big Data
Securing Big Data
Securing Big Data
• Presentation Take-Aways
– Big Data is Here to Stay
– It Has to be Secure
–Segregation of Data
–Access Controls
–Separation / Segregation of Duties
–Federated Identities
–Logging
–Crypto v2.0
–Homomorphic Encryption
–Stateless Tokenization
• Questions?
• Contact
– Email: steve@ncontrol-llc.com
– Twitter: markes1
– LI: http://www.linkedin.com/in/smarkey
Related documents
Introduction - Prof. Gordon Crawford, University of Leeds
Introduction - Prof. Gordon Crawford, University of Leeds
here - College of Education and Human Development
here - College of Education and Human Development
Copyright Flowchart - University of Victoria
Copyright Flowchart - University of Victoria
PPT - Volunteersue.com
PPT - Volunteersue.com
VCOP adn Maths Intervention
VCOP adn Maths Intervention
Understanding Natural Rights Philosophy
Understanding Natural Rights Philosophy
Unit 7 B - National Union of Teachers
Unit 7 B - National Union of Teachers
MDM with SC
MDM with SC
Planning expectations - Downe Manor Primary School
Planning expectations - Downe Manor Primary School
PowerPoint slides
PowerPoint slides
here - Euro Controle Route
here - Euro Controle Route
Download
advertisement