Slideshow 10 Big Data Security Considerations

  • June 02 2015, 7:20am EDT
12 Images Total

10 Steps to Big Data Security

As organizations gather and manage more and more big data, here are 10 best practices to protect all of that information from hackers and cyber breaches.

1. Think Even Bigger

Before we dive into security for specific big data platforms (like Hadoop, NoSQL and more) in the slides ahead, let’s think holistically. Make sure your company has a well-tested security and compliance strategy in place – covering physical assets (facilities); network and IT infrastructure; applications and data. Include clearly defined responsibilities for specific executives; contingency plans for potential breach scenarios; and testing schedules to help fine-tune the plan on a regular basis.

Content Continues Below

2. Basic Hadoop Security

Apache Hadoop, the grid technology, is increasingly popular for storing massive amounts of data. By default, Hadoop runs in non-secure mode. When service-level authentication is turned on, Hadoop end-users must be authenticated by Kerberos – the popular computer network authentication protocol. For details, visit The Apache Software Foundation’s Hadoop security overview.

3. Deeper Hadoop Security Offerings

The major Hadoop distribution providers – including Cloudera, Hortonworks and MapR – also offer various security solutions that support authentication, authorization, encryption and more. For details, visit Cloudera secrurity, MapR security and Hortonworks overviews.

4. Track Hadoop Data Governance

Hadoop originally lacked consistent data governance methodologies. But Hortonworks is striving to close that gap with the Data Governance Initiative (DGI). Major partners like Aetna, Merck, Target and SAS are involved in the effort – which strives to ensure Hadoop governance standards are (1) transparent and available to all, (2) reproducible and auditable and (3) consistent. Still a work in progress, DGI initiative updates are available here.

Content Continues Below

5. NoSQL Security Checklist

NoSQL databases are designed for horizontal scaling and real-time applications – making them popular platforms for big data systems.MongoDB, one of the key providers of NoSQL, offers a high-level security checklist to protect NoSQL databases from attackers. The checklist covers such areas as authentication, role-based access control, encryption, auditing and more.

6. Relational Database Security: Part I

Yes indeed, relational databases and SQL-oriented solutions still manage the majority of enterprise data, according to a recent survey from Dell and Unisphere. To safeguard a relational database, make sure you focus on five areas of breach prevention (authentication and authorization; database firewall; encryption; data redaction and masking; and patch management), according to Layer Seven Security. Also, make sure your organization understands four areas of breach detection (data discovery and classification; privilege analysis; configuration management; and logging and auditing), Layer Seven Security adds.

7. Relational Database Security: Part II

The leading relational database providers offer checklists to mitigate security risks. The following links lead to specific security guidance for some of the best-known relational databases: IBM DB2, Microsoft SQL Server, MySQL and Oracle.

Content Continues Below

8. In-memory Databases: Part I

In-memory databases store data entirely in main memory, which can be an ideal approach for data-intensive applications like analytics, social networking and e-commerce systems.Generally speaking, in-memory databases have built-in security features but the bigger concerns involve IT architecture. For instance, a Payment Card Industry Data Security Standard (PCI DSS) best practice calls for application and database services to run on separate servers located in independent network zones, notes Layer Seven Security. However, some in-memory databases have built-in application and web servers – allowing each piece of software to share hardware resources. To mitigate the potential security risks associated with such tightly integrated software stacks, check in with your specific in-memory database vendor.

9. In-memory Databases: Part II

Some in-memory databases could also be susceptible to so-called RAM-based attacks or physical memory attacks. Attacks such as RAM-scrapping are relatively rare but are becoming more prevalent since attackers are increasingly targeting volatile memory to circumvent encrypted data in persistent memory, notes Layer Seven security. PrivateCore outlines the various physical memory attacks and potential fixes here.

10. File Sync and Sharing Security

Box, Dropbox and other cloud-based file sharing tools are now mainstream. Big data systems will increasingly tap into cloud-based file sharing systems to analyze all of that unstructured information. Dozens of consumer- and corporate-grade file sharing systems exist. Each has its own security tools. The differentiator? Your own IT team, which must document when and how employees are permitted to use those public cloud services.

Content Continues Below

Thanks and More

We’ve touched on only a few types of big data systems in this slideshow. If you’d like us to cover security for additional types of big data systems, please post a comment and we’ll be sure to explore the opportunity. For additional Information Management slideshows please visit here.