Companies continue to work to improve Hadoop's security. For instance, in June 2014, cloud services provider Cloudera bought Gazzang, which offers software to secure Hadoop. Cloudera's CEO, Tom Reilly, explains the motivation behind the acquisition as follows: "[C]ompanies that are weighing the value of putting workloads in public cloud environments against security concerns will now be able to move forward by putting in place additional process-based access controls."6
But Hadoop's security is still a work in progress. For instance, speaking in InfoWorld, Tony Baer, an analyst with technology research firm Ovum, said that even though Cloudera's move adds "encryption and key management to Cloudera's distribution of Hadoop," concerns such as the need for "role-based access and single sign-on" remain.7
New Big Data Capabilities Are Changing Security Practices
Early on, big data was used mostly in specialty fields, notably academic and scientific research. It was too expensive and complex for most enterprises to use. Most of the tools that were available were developed by experts for experts. They were not built like commercial software products, with intuitive interfaces, helpful wizards, and other features that make using them easier. Furthermore, each tool performed only a limited number of functions, so building a big data program entailed using several different tools. There was little guidance available about how to do this, and doing so often required programming. If the tools were not linked correctly, security problems could emerge.
But a transition is underway. Developers are adding user-friendly features to big data tools, making them accessible to more IT departments.8 And big data capabilities are being used in a wider range of scenarios. In particular, these capabilities are increasingly found in security information and event management systems as a way to perform identify and access management (IAM). Describing the motivation behind this development, a NetworkWorld article by Jon Oltsik explains that "[s]oftware tools are great at automating and scaling processes but IAM is fraught with complex workflow, multiple identity repositories, and multiple accounts per user."9 The power of big data analytics enables organizations to manage identities and access rights despite this complexity.
The expansion of big data analytical tools into the realm of typical enterprises will change the way that security is practiced. Data that was once too time-consuming or resource-intensive to analyze will now be inspected in real time, and information from many sources will be correlated in ways that were impossible just a few years ago.10
But despite progress, big data technology is still under development. In particular, as described by Arnab Roy of Fujitsu Laboratories of America, people focused on one area of big data security have not extensively collaborated with people investigating other areas. "The absence that I see right now is a systematic, scientifically classified kind of organization of this space, where we can talk about security as a whole," says Roy.11 "Security is a problem of the entire system, and people have been doing it piecemeal. So the practitioners and scientists have to come together and work out holistic strategies."
Decide Whether Big Data Analytics Meet a Real Need
Big data analytics hold great promise, but that promise is not yet easy for a typical enterprise to put into practice.12 Describing this challenge, a member of CSA's Big Data Analytics subgroup, Wilco van Ginkel, says that if an enterprise asked him about big data analytics, he would first consider the enterprise's needs. "It's not so much do we need to jump on the big data analytics bandwagon, yes or no?" he explains. "The question is: Why should I?" The focus is best placed on real risks that a particular enterprise faces, says van Ginkel. He argues that many enterprises are tempted to use big data because of the buzz around it, but that the concept is so new that many of them lack the knowledge to do so.
At this stage, van Winkel sees most companies as "just scratching the surface" of the technology's potential, working with it in only limited ways. But this is slowly changing. For instance, he explains that some organizations are progressing from analytics that focus on past events to an approach that predicts future events. Overall, enterprises and players in the market are still trying to make sense of how to use big data analytics to meet actual needs, and this process will take time.
The need for specialized knowledge is emphasized by Peter Wood, CEO of security consulting firm First Base Technologies. "People with backgrounds in multivariate statistical analysis, data mining, predictive modeling, natural language processing, content analysis, text analysis, and social network analysis are all in demand," he writes in ComputerWeekly.13 "These analysts and scientists work with structured and unstructured data to deliver new insights and intelligence to the business. Platform management professionals are also needed to implement Hadoop clusters, secure, manage and optimize them."
1 Gartner. Gartner Survey Reveals That 64 Percent of Organizations Have Invested or Plan to Invest in Big Data in 2013 (press release). September 2013.
2 Press, G. Surveys Find Rising Adoption of Big Data. Forbes. September 2013.
3 EMC. Big Data Security Challenges. Forbes. February 2014.
4 Cloud Security Alliance. CSA Releases the Expanded Top Ten Big Data Security and Privacy Challenges. 2013.
5 Preimesberger, C. Hadoop Poses a Big Data Security Risk. eWeek. April 2013.
6 Worth, D. Cloudera Buys Gazzang to Boost Hadoop Big Data Security. V3.co.uk. June 2014.
7 Krill, P. Despite Gains, Hadoop Still Has Big Holes to Fill. InfoWorld. June 2014.
8 Taylor, B. How Big Data Is Changing the Security Analytics Landscape. TechRepublic. January 2014.
9 Oltsik, J. Big Data Security Analytics Meets Identify and Access Management. NetworkWorld. May 2014.
10Cardenas, A.A., Manadhata, P.K., and Rajan, S.P. Big Data Analytics for Security. IEEE Security & Privacy. November-December 2013.
11 Federal News Radio 1500AM. Interview with Dr. Arnab Roy. Available online from: https://cloudsecurityalliance.org/research/big-data/
12 Jordan, J. The Risks of Big Data for Companies. Wall Street Journal. October 2013.
13 Wood, P. How to Tackle Big Data from a Security Point of View. ComputerWeekly.com. Available online from: http://www.computerweekly.com/feature/How-to-tackle-big-data-from-a-security-point-of-view
About the Author
Geoff Keston is the author of more than 250 articles that help organizations find opportunities in business trends and technology. He also works directly with clients to develop communications strategies that improve processes and customer relationships. Mr. Keston has worked as a project manager for a major technology consulting and services company and is a Microsoft Certified Systems Engineer and a Certified Novell Administrator.
This article is based on a comprehensive report published by Faulkner Information Services, a division of Information Today, Inc., that provides a wide range of reports in the IT, telecommunications, and security fields. For more information, visit www.faulkner.com.
Copyright 2014, Faulkner Information Services. All Rights Reserved.