Seeking to provide an answer to enterprise security requirements for big data initiatives, unified identity management specialist Centrify this week unveiled a privileged identity management solution for Hadoop created in partnership with leading Hadoop distribution companies Cloudera, Hortonworks and MapR Technologies.
"Hadoop was built historically from the open source side really to scale out," says Mark Weiner, chief marketing officer of Centrify. "It wasn't necessarily from the get-go viewed that you've got to run it in secure mode."
But as projects built on Hadoop move into production, security becomes an essential consideration. As Weiner notes, Hadoop clusters often contain sensitive personally identifiable information (PII) and other highly regulated data. That makes auditing and controlling user and administrator access to Hadoop and its underlying infrastructure essential to security and to meeting compliance requirements for regulations like SOX, PCI and HIPAA. Hadoop deployments often also introduce duplicate identity silos or have limitations in their support for complex Active Directory environments.
Protecting Data in Hadoop
"With the advent of major compliance mandates, ongoing concerns about application and data security, it is apparent that sensitive data in Hadoop must be protected as well as sensitive data in traditional databases," write Gartner Analysts Joerg Fritsch and Ramon Krikken in their 2014 report Protecting Big Data in Hadoop. "With the advent of Hadoop 2.0 — and the expanded, real-time applications — the likelihood of sharing data among many users and applications rather than isolating each application, as was often the case in the first generation, increases security exposures."
To help customers secure their Hadoop environments, Centrify's Weiner says the best path is to extend and optimize your existing enterprise-grade identity and security infrastructure rather than adding a new point solution.
"As you're making the move into production, you want to build in security when you start," he says. "You don't want to build it once you've got petabytes of data in there. You want to build that core security as you move into production. The key piece here is, guess what, you very likely already have that enterprise-grade identity infrastructure and security infrastructure in place in your app environment."
Centrify has taken its existing Centrify Server Suite 2015, a widely deployed solution for securing identity on Linux- and Windows-based servers and applications, and optimized it for Hadoop and big data environments as well, giving users the ability to leverage existing skillsets. Centrify has built new features and compatibility enhancements in Kerberos network authentication, service account management, and interoperability between Active Directory and Hadoop.
Weiner notes this extends the security capabilities already provided by Hadoop platform vendors to include robust privilege management, while also simplifying and streamlining Hadoop deployments. Centrify has also built comprehensive integration guides and received product certifications from each of the major Hadoop providers in an effort to ensure compatibility and vendor collaboration with regard to technical support.
Some of the features of Centrify Server Suite 2015 include the following:
- Simple and secure access to Hadoop environments. The solution allows you to run Hadoop in secure mode using existing identity management infrastructure like Active Directory.
- Single sign-on (SSO) for IT administrators and big data users. By leveraging Active Directory's Kerberos and LDAP capabilities on Hadoop clusters, the solution provides Active Directory-based authentication for Hadoop administrators and end users. The SSO functionality allows users to log in as themselves, rather than sharing privileged accounts.
- Secure machine-to-machine communications. Server Suite automates Hadoop service account management, securing not only user identity but also system and service account identity.
- Reduced identity-related risks and greater regulatory compliance. The solution tracks user activity and associates it with an individual in Active Directory, creating an audit trail.
Centrify Server Suite 2015 is available today, licensed on a per server basis. Pricing starts at $385 per server.
This story, "Centrify extends identity management to Hadoop clusters," was originally published by CIO.