Securing Your Big Data Environments Built on Hadoop or NoSQL?

1Do you know the percent of all Big Data projects that must meet some level of compliance? According to a recent SANS survey, over 80% have to today. The logical conclusion is that you already have sensitive data that you need to protect — it’s not a case of “if.” So, how are you protecting data from cyberthreats and proving compliance?

Over the last few years, Centrify has worked with the leading vendors in Hadoop to deliver their customers’ enterprise-grade identity and access management (IAM). We’re the industry’s first privileged identity management (PIM) solution for Big Data and announced our partnership with Cloudera, Hortonworks and MapR in February of this year.

HWX       Cloud       mpr

Since then, our customers have helped us learn that NoSQL is equally critical, containing similar sensitive data as Hadoop in the big data infrastructure. We’ve responded by announcing the industry’s first privilege identity management solution for NoSQL, partnering with three leading NoSQL vendors — Couchbase, DataStax & MongoDB.

20130321214239!Couchbase,_Inc._official_logo    mongodb      datastax_logo_1

So, you may be asking “what do these collaborations bring to me in my business?”

An easy way to explain how Centrify’s Platform helps provide compliance for, and protects access to sensitive data from cyberthreats is through “AAA: Authentication, Authorization and Audit.” The chart below identifies how Centrify and the vendors help address each of the three A’s.   

Screen Shot 2015-09-25 at 4.36.31 PM

Authentication

Out of the box there is no security for NoSQL. You can check the Authentication box to secure access using either Kerberos or lightweight directory access protocol in NoSQL. Like Hadoop, we extend the Kerberos and LDAP to your existing Active Directory and make it easy to integrate with complex multi-domain, multi-forest infrastructure. To Centrify, a NoSQL Node is no different from any other Unix / Linux Server when we integrate it with Active Directory.

Therefore, you can unify your IT infrastructure by consolidating identity, authentication and access management for Linux and UNIX within Microsoft Active Directory and reduce risk and total cost of ownership.

Authorization 

NoSQL vendors, like the Hadoop vendors, have a very deep understanding of their users and applications, so they enforce access controls best within the NoSQL context. Centrify extends access controls to the operating system by integrating the roles and by providing identity and group memberships from Active Directory to enable authorization for the NoSQL vendors, leveraging Active Directory for privilege management. The result: securing the node.

This is important because a flexible, highly granular privilege management solution lets your users complete their work, reduces your risks, and makes your implementation of a least-privilege approach easy with role-based access controls. 

Audit 

Centrify can record everything that the user does on the command line on linux / unix host. NoSQL vendors have clear visibility of every activity that happens within NoSQL. Centrify extends this capability to session monitoring and recording at the operating system level.

Centrify Server Suite provides full video capture of privileged sessions, tying all activity back to individual users for improved accountability, forensics and compliance.

In summary — Centrify, in conjunction with our Big Data partners, enables you to protect your sensitive data, prove compliance and secure your big data infrastructure in record time while leveraging your existing investment in Active Directory.