aNewDomain.net – Big data is all the rage these days, as companies gather unprecedented amounts of information, analyze it, and use it for strategic purposes. Yet big data is also a king-sized headache for security, creating a huge new target for hackers and other cybercriminals.
“The massive volume, velocity and variety of data are overwhelming to existing security solutions which were not designed and built with big data in mind,” claims Zettaset, a big data security company, in a white paper entitled “The Big Data Security Gap: Protecting the Hadoop Cluster.”
While enterprises are quick to deploy big data projects, security features are “sparse and aftermarket offerings are not fully tailored to these clusters,” according to a Securosis report on big data. Many organizations have rushed to implement highly scalable, low-cost clusters for data analysis without spending the necessary amount on security. The majority of deployments are insecure and “reliant on network and perimeter security support,” like password protection, Securosis said.
A key problem is that network architectures based on Hadoop weren’t created with security in mind, creating a host of problems for businesses that need to secure credit card numbers, social security numbers, and other user data.
In the white paper report, “The Big Data Security Gap: Protecting the Hadoop Cluster”, Zettaset reports: “Hadoop evolved from other open-source … projects, directed at building open source web search engines … with no built-in security.” The report continues, “Hadoop is also the open-source version of the Google MapReduce framework, and no security was designed into the software as the data being stored (public URLs) was not subject to privacy regulation.”
But data security vendors do feel distributed cluster security can be maintained. Zettaset says, “distributed cluster security can be addressed with traditional perimeter security solutions such as firewalls and intrusion detection/prevention technologies.”
When data is processed anywhere resources are available through massively parallel computation, the resulting complicated storage environments are highly vulnerable to attack. Since traditional security products are designed to protect a single database, when they attempt to secure huge distributed clusters of computers they struggle. While Hadoop does utilize Kerberos for security authentication, this protocol can be difficult to implement, and it doesn’t cover a number of other enterprise security requirements.
“When you put (security solutions) on a large scale distributed computing environment, they become either a choke point or a single point of failure for the entire cluster,” said Zettaset CTO Brian Christian in CSO.
Also, Hadoop is used in conjunction with other technologies like Hive, HBase or Pig. These additional tools help access and use big data, but often lack good enterprise-grade security.
Security professionals deal with security issues by placing controls at the edges of a network, but once attackers penetrate the perimeter they get unrestricted access to data, says Forrester. Instead, security professionals should place security controls as close as possible to the data store and the data itself, according to the Forrester report “Future of Data Security and Privacy: Controlling Big Data”.
The bottom line is that securing big data lags far behind the adoption of big data technology, said Chris Petersen, founder and CTO of LogRhythm, in CSO.
“While security catches up, there is going to (be) vulnerability,” he said. “My guess is that there is a lot of vulnerability right now in organizations adopting Hadoop.”Tags: Data Center,IT Security,Storage,Technology