Do you have to secure your company’s Hadoop cluster as it moves to production? Concerned about setting up and managing an MIT Kerberos implementation?
We’ve been working with over 40 enterprises across six major verticals over the last few years to address their Big Data IAM challenges. This blog post describes some of the key challenges they’ve faced, and how we at Centrify have helped address them.
Active Directory Integration
Often, Hadoop projects within an enterprise are piloted by business units and then moved to production once the use case is validated. One of the first decisions business units and IT must make is how to manage identities and access as they move to production.
There are primarily two authentication methods for Hadoop —
- Simple, i.e. decentralized with management on each of the Hadoop nodes, and
- Kerberos, i.e. centralized management where customers either stand up their own MIT Kerberos infrastructure or use their existing identity infrastructure. IT typically chooses to leverage existing infrastructure, as the TCO is lower when compared to implementing and managing a new Kerberos realm.
Active Directory deployments in most enterprises we’ve worked with tend to be complex, with multiple domains, multiple forests and complex trust relationships. At Centrify, we’ve been working with 5000+ customers over 11 years across various verticals to help make it extremely easy to connect and manage non-Windows servers in complex Active Directory environments.
As Hadoop becomes the data hub of the enterprise, IT plays a key role in managing nodes in the cluster. Being able to leverage existing technology and human capital investments helps IT realize operational efficiencies.
There are different types of users who need access to Hadoop nodes: Hadoop application users, and system administrators like HDFS admins and IT admins. Centrify secures and manages privileges at the OS level for HDFS and IT admins, while Hadoop manages access to data for the Hadoop application users.
Hadoop stores valuable business data, and the Enterprise Security and Audit departments need to ensure there are appropriate controls in place for security and compliance with industry mandates and government regulations.
Most enterprises we work with have to comply with one or more regulations like PCI DSS, SOX, HIPAA, FISMA, or FERC NERC. One of the key requirements in the PCI DSS specification, “Section 7: Restrict access to cardholder data by business need to know”, means enterprises need to enforce least privilege access for all analysts and administrators. To address this, Centrify simplifies the implementation of a least privilege model and provides comprehensive reporting on all employees who access the cluster, their roles and their privileges.
Enterprises also need rich session auditing and reporting to meet regulatory compliance requirements (PCI 10.2.2). Centrify provides full video capture of privileged sessions, tying all activity back to individual users for improved accountability, forensics and compliance.
In summary, the Centrify Server Suite solution for Hadoop is an enterprise-grade offering that makes securing even the most complex Hadoop environments simple and straightforward by connecting your Hadoop cluster to your existing Active Directory infrastructure.