View Sidebar
Hadoop Security: Present and Future

Hadoop Security: Present and Future

12/11/2013 4:26 am0 comments

Where the current level of Hadoop system can be relied upon for data protection and processing, there is still a need to improve Hadoop security to ensure foolproof big data security for coming times. To stay updated about the scope of a secure Hadoop cluster today and in times to come, one needs to know a few important things about it.

Hadoop Security Present and FutureSecurity is the foremost agenda that represents almost all major requirements within an organization, especially when it is about tasks like big-data processing. Hadoop registered a remarkable progress in last couple of years and has successfully addressed the most common worries like authorization, authenticity and above all, data protection. With more security enhanced Handoop clusters in the pipeline, though using the systems are banking upon the safety of all vital data in the future also.

Hadoop currently is engaged at the cutting edge to provide secure support to countless financial service applications and big private healthcare projects that operate in a high security-sensitive environment. Recent upgrades of Hadoop systems meet the key requirements of organizations demanding some of the world’s toughest security norms. With all the tight security controls incorporated in Handoop, the final objective remains flexibility and smooth data processing for now and in the future.

Hadoop Security Controls Dec 2013

 Security Controls for Hadoop at Present

Securing a Handoop cluster presents certain both small and big, which includes its distributed nature that to a large extent is even responsible for its success. For securing a system, a layered approach is the best and distribution happens to be one of the most complex barriers to it.

Following are the major layers that are in place to secure a cluster:

Authentication

It is responsible for verifying the identity of both a system and a user accessing it. Pseudo authentication and Kerberos are the two authentication modes Hadoop is providing. While the first takes care of the trust among users, the latter secures the overall Hadoop cluster.

Authorization

Authorization represents access freedom for users and a system. Hadoop relies on resource-level access control, file permissions in HDFS and offers authorization and a service-level access control.

Accounting

Accounting makes it possible to track resource use in a system. MapReduce and HDFS that are the parts of Apache Hadoop offer base audit support. Apache Oozie functions as a workflow engine and offers audit trail for all services.

Data Protection 

This takes care of privacy of information. HDP protects the data in motion and HDFS holds up encryption at operating-system levels.

Security Controls for Hadoop in Future

Newer innovations in Hadoop security are focusing mainly on making various security frameworks to work in collaboration so that they can be easily managed. Here’s what Hadoop security system is going to be big at:

Granular Authorization and Enhanced Authentication

Verification technique in most Hadoop modules is in the process of being improved. This is mainly developed and fortified mainly because most users are demanding security hardened authorization model. Token-based validation will soon replace Kerberos to enhance the authentication process.

Encryption Data Protection and Improved Accounting

A more advanced encryption algorithm is a must for most channels. The focus would be on better encryption, mostly through HBase, HDFS and Hive. Another important step is going to be high-tech audit record correlation for easier reporting. With this system, the auditor would be able to predict the sequence of Hadoop component operations without having to take help from any external tools.

Director at HMPL, a digital media services company, Kamal Thakur is a computer science & engineering grad from NIT Jalandhar. He is a writer, ecommerce analyst and content marketing expert. Kamal lives in the Himalayas.

Leave a reply