Securing your Big Data Environment

On the 2015 Blackhat USA conference Ajit Gaddam gave a excellent talk on how to secure big data environments. Ajit is a CSA (Chief Security Architect) at VISA, and has been a co-author on the book Hadoop in Action.

Check out the talk in the video below.

In this talk he discusses 4 topics of securing big data environments

  • What is Big Data and why should I secure it
  • Security Risks & Threat Models
  • Big Data Security Framework
  • Successes, Failures, and Best Practices

The speaker has a focus on Hadoop and the importance of this data-platform. He emphasises on three reasons for Securing Hadoop

  1. Contains Sensitive Data
    – Teams go from a POC to deploying a production cluster, and with it petabytes of data.
    – Contains sensitive cardholder and other customer or corporate data that must be protected.
  2.  Subject to Regulatory Compliance
    – With #1 comes compliance to PCI, DSS, FISMA, HIPAA, EU laws, US federal/ state laws to protect P11, cardholder, and other in-scope data
  3.  Can enable your business
    – Before, usage was broad and possibly restrictive to non-sensitive data.
    – With security in place, you can allow for sensitive workloads on restricted datasets