Encouragingly, some of the news on the security front is starting to brighten. According to Lane and Mortman, who both recently discussed Bigger Data, Less Security? at the Secure360 Conference in St. Paul, MN, the applications used to build big data systems are starting to take security in mind, as are some of the enterprises implementing them.
Lane and Mortman explain say that when they were preparing for the same talk a little over a year ago, the security feature in big data applications was barren.
"What was available from Hadoop and other organizations such as Cloudera, Zettaset, and others was very minimal, while many security vendors hadn't adjusted their products to work well within Hadoop environments," says Lane.
That has started to change in the past year; vendors, as well as enterprises, are starting to take a closer if not painfully slow look at securing these systems. According to Lane and Mortman, more vendors today are better at integrating identity and access management capabilities into their big data applications. That could include leveraging identity capabilities inherent within Linux, or tighter integration with Kerberos.
Enterprises are starting to take more initiative internally, too. "We're seeing teams look for the best ways to add layers of security around these databases, either to avoid security and privacy risks, or to stay on the right side of government regulatory mandates," says Mortman.
To increase security, some organizations are employing "walled gardens," or relatively closed software system that were very common in securing mainframe data. Some of the more agile, smaller development teams are using approaches similar to what we see in web application's security. They're wrapping security into the application and user identity layers.
Additionally, Lane and Mortman say that organizations are starting to do a better job at using identity to build access controls around their implementations, including between applications and the users of those applications. They're also turning to block layer encryption, which will improve security but also enable big data clusters to scale and perform. "That encryption is a very easy way to make sure that the data at rest are secured, and that your platform admins can't get access to the data files," says Mortman.
Unfortunately, there is much left to do when it comes to securing big data and next generation database implementations. One issue involves database monitoring. Enterprises have been monitoring their networks, applications, and databases for many years, and these practices should most certainly extend to their big data implementations. "There are specific ways of looking at those usage profiles or behavioral profiles, or metadata information to vet good vs. bad queries. We don't have this ability with big data yet," says Mortman.
Sign up for Computerworld eNewsletters.