Professional Documents
Culture Documents
Paper
October
2014
White Paper: Closing the Big Data Management & Security Gap 2
Contents
Big
Data
Is
Gaining
Momentum,
but
Increasing
Concerns,
Too
..................................................................
3
Big
Data
Projects
Still
Rely
Heavily
on
Professional
Services
...................................................................................
3
Security
Still
a
Top
Concern
for
Big
Data
Platforms
.................................................................................................
4
How
Organizations
Should
Automate
and
Secure
Big
Data
Deployments
.................................................
5
Zettaset
Delivers
a
Safer,
More
Automated
and
Secure
Solution
..............................................................
6
All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The
Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are
subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of
this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the
express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and,
if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.
White Paper: Closing the Big Data Management & Security Gap 3
Source:
ESG
Research
Report,
Enterprise
Data
Analytics
Trends,
May
2014.
Ibid.
White Paper: Closing the Big Data Management & Security Gap 4
In
which
of
the
following
areas
do
you
believe
your
IT
organizaGon
currently
has
a
problemaGc
shortage
of
exisGng
skills?
(Percent
of
respondents,
N=545,
mulGple
responses
accepted)
Informaeon
security
25%
IT architecture/planning
24%
21%
20%
20%
19%
18%
Database administraeon
17%
17%
0%
5%
10%
15%
20%
25%
30%
Source:
ESG
Research
Report,
Enterprise
Database
Trends
in
a
Big
Data
World,
July
2014.
Source:
ESG
Research
Report,
Enterprise
Data
Analytics
Trends,
May
2014.
5
Source:
Ibid.
4
White Paper: Closing the Big Data Management & Security Gap 5
Figure 2. Top Five Most Important Criteria in Evaluating a Big Data Solution
Which
of
the
following
aUributes
are
most
important
to
your
organizaGon
when
considering
technology
soluGons
in
the
area
of
business
intelligence,
analyGcs,
and
big
data?
(Percent
of
respondents,
N=375,
three
responses
accepted)
Security
26%
26%
Reliability
22%
21%
Performance
20%
0%
5%
10%
15%
20%
25%
30%
How
Organizations
Should
Automate
and
Secure
Big
Data
Deployments
The
good
news
is
that
as
adoption
has
accelerated
and
more
production
deployments
are
being
settled
into
enterprise
environments,
there
are
now
some
emerging
best
practices
to
follow
to
automate
and
secure
a
Hadoop
environment.
The
bad
news
is
that
the
requisite
functionality
is
by
no
means
yet
a
standardized
part
of
any
particular
distribution,
and
many
customers
will
need
to
look
carefully
at
vendors
glib
promises
to
determine
for
themselves
which
are
most
up
for
the
deployment
and
security
challenge.
A
typical
CISO
will
be
interested
in
establishing
sound
methodologies
for
security
efficacy,
operational
efficiency,
and
enabling
the
business
to
conduct
activities
in
a
safe
manner
without
undue
burden.
Both
IT
and
line
of
business
leaders
should
take
an
interest
and
demand
the
best-of-breed
capabilities
outlined
in
Table
1
from
any
production
solution.
Table
1.
Four
Primary
Considerations
in
Selecting
a
Secure
Big
Data
Platform
Impact
/
Benefit
Faster
time
to
production
and
reduced
risk
of
security
gaps
Safer
ETL
and
storage
of
everything
in
data
lake/hub
Simplified
key
admin
and
more
reliable
access
Only
approved
people
can
see
only
appropriate
data
Source:
Enterprise
Strategy
Group,
2014.
White Paper: Closing the Big Data Management & Security Gap 6
While
set
up
and
configuration
of
a
few
management
and
data
nodes
in
a
Hadoop
cluster
may
be
touted
as
relatively
easy
to
do,
the
manual
effort
introduces
chances
of
errors,
which
are
increased
for
each
additional
instance.
Having
an
automated
system
for
deployment
simplifies
this
process,
making
for
both
a
more
scalable
and
more
reliably
protected
environment.
Encryption
may
seem
like
a
common
tick
box
option
on
many
Hadoop
distributions,
but
not
all
follow
the
same
conventions
or
coverage
model.
Ensure
that
all
data
on
disk
is
covered
with
strong
encryption,
and
take
steps
to
also
guard
against
network
attacks
for
data
being
transferred
between
nodes;
during
extract,
transform,
and
load
activities;
and
when
exporting
information.
Data
masking
can
also
be
useful
if
certain
fields
need
to
be
identifiably
unique
for
analytics
without
exposing
their
actual
contents.
Though
encryption
itself
may
seem
quite
simple
to
turn
on,
key
management
is
often
the
weak
point
of
solutions,
particularly
in
larger,
more
varied,
or
more
dynamic
environments.
Unique
keys
should
be
generated
and
controlled
via
customizable
policies,
kept
and
provided
in
a
highly
available
source,
and
compliant
with
KMIP
definitions.
Key
management
should
also
have
role-based
administration
and
auditing
capabilities.
Even
if
the
whole
environment
is
defended
from
external
attacks
using
these
mechanisms,
steps
should
be
taken
to
limit
access
to
particular
data
sets
for
only
authenticated
users.
This
should
be
fine-grained,
role-based,
automatically
tied
into
AD
and
LDAP
protocols,
and
carry
over
permissions
as
specified
from
these
proven
access
control
systems.
From
a
broader
perspective,
additional
steps
should
be
explored
as
best
practices,
including
establishing
a
security
zone
for
the
analytics
servers,
deploying
these
servers
in
a
hardened
configuration,
frequent
scanning
and
timely
patching,
and
traffic
monitoring.
These
approaches
are
not
necessarily
different
for
Hadoop
environments,
however,
and
should
be
considered
as
a
standard
part
of
a
larger
IT
security
framework.
Although
a
non-trivial
undertaking,
IT
technology
decision
makers
should
build
these
into
their
must
have
evaluation
criteria,
and
select
products
that
have
functionality
to
match.
White Paper: Closing the Big Data Management & Security Gap 7
management
and
security
mechanisms
of
most
branded
distributions,
and
will
help
address
the
considerations
outlined
in
Table
1.
Specific
modularized
Big
Data
management
and
security
capabilities
include:
Zettaset
has
a
bigger
vision,
too,
including
smoother
deployments,
better
reliability,
improved
performance,
and
easier
support
and
administration
for
broader
big
data
environments.
Centralizing
and
certifying
management
of
all
required
functions
to
meet
enterprise
operational
standards
will
go
a
long
way
to
facilitating
the
adoption
of
technologies
that
are
still
evolving
and
maturing.
Modularizing
the
Zettaset
offerings
opens
them
up
to
the
wider
community
with
a
flexible
a
la
carte
menu
to
suit
specific
enterprise
requirements,
while
also
paving
the
way
for
an
expanded,
more
comprehensive,
and
fully
integrated
solution
for
big
data
management
and
security.
The
Bigger
Truth
Big
data
is
rapidly
entering
the
mainstream,
and
new
data
platforms
like
Hadoop
and
NoSQL
databases
are
becoming
increasingly
popular
tools
to
capture
and
serve
up
more
enterprise
data
than
ever
before,
spanning
sensitive
personal
profile,
health,
financial,
and
sometimes
R&D
information.
Not
only
is
more
data
being
collected
and
compiled
into
a
single
repository,
but
also
more
people
are
being
given
access
to
this
data
across
multiple
lines
of
business
for
application
development
and
for
analysis
and
reporting.
Yet
these
emerging
technologies
are
not
yet
fully
mature
in
their
security
capabilities,
increasing
the
risk
of
a
super
breach.
The
financial
repercussions
and
brand
damage
of
an
incident
are
well
documented,
as
are
the
limitations
of
simple
perimeter-based
security
products.
While
many
are
leaping
into
the
big
data
opportunity
with
enthusiasm,
the
need
to
build
a
robust,
manageable,
and
safe
solution
is
paramount.
Many
vendors
are
paying
lip-service
to
these
issues,
but
few
have
really
understood
the
scope
of
the
problem
or
yet
endeavored
to
design
and
implement
a
truly
protected
product.
Zettaset
has
focused
on
building
more
comprehensive
security
and
management
functionality,
and
offers
a
great
complementary
solution
that
addresses
the
inherent
risks
of
Hadoop
distribution
frameworks.
20
Asylum
Street
|
Milford,
MA
01757
|
Tel:
508.482.0188
Fax:
508.482.0218
|
www.esg-global.com