HPE SecureData for Big Data Platform HPE Vertica – Big Data Platform HPE Security – Data Security February 2016
Data Security Impacts Design and Delivery of Big Data Projects – Data Security frequently is a leading Role Security Impacts obstacle to effective and timely Architect Performance, operations implementation of Big Data projects Analyst/Data Scientist Access to data, – Multiple stakeholders are affected by analytical performance security considerations Business Owner Ability to extract Big – Data Security must be built-in Data value – customer insights, product innovations, etc. Security De-risk data breach exposure, drive regulatory and privacy compliance C-level Build and protect Brand, reputation, market share 2
Why is it More Difficult to Secure Data Today? Big Data today touches many: Systems – premise or cloud Technologies – Hadoop or Vertica Data Sources with real-time feeds Data Types and Formats ROS, JSON Storage Open formats Business Environments with varying analytic needs Public Cloud Appliance Private Cloud 3
HPE Vertica – Big Data SQL Analytics Platform Columnar storage Continuous Clustering Compression and execution performance Achieve best data query Scale linearly by adding Store more data, provide Query and load 24x7 with performance with unique more resources on the fly more views, use less zero administration HPE Vertica column store hardware
HPE Vertica – Big Data SQL Analytics Platform Core Vertica SQL Engine HPE Vertica OnDemand • Advanced Analytics • Get up and running quickly in the cloud • Open ANSI SQL Standards ++ • HP Helion or Amazon AWS • R, Python, Java, Scala HPE Vertica for SQL on Hadoop • Native support for ORC, Parquet HPE Vertica Enterprise Edition • Supports all distributions • Columnar storage and advanced compression • No helper node or single point of failure • Maximum performance and scalability • Flex Zone for schema-on-read
HPE Vertica Database Security Authentication via LDAP, GSS/Kerberos, others Client/Server Communication via OpenSSL Public Network Flexible User/Role Construct Fine Grained and Separation of Control Column Level Access Control Cloud HDFS Backups BEST to augment these with “data - centric” protection of data in use, in motion and at rest
Best Way to Protect Data At creation, in motion and at rest De-identifying the data as close to its source Offload need for in-database Encryption Enhance existing security methods HPE SecureData Protects Data at Any Point in the Data Flow Authentication SSL/TLS/firewalls SSL/TLS/firewalls Database encryption Disk encryption Management Data & Applications Middleware/Network Databases File Systems Storage Credential SQL injection, Malware, Traffic Interceptors Malware, Compromise Malware Insiders Insiders 7
Introducing “Data - centric” security Threats to Traditional IT Data Security Data Infrastructure Security Ecosystem Gaps Data & Applications Authentication Credential Management Compromise Security gap Data security coverage Middleware/Network Traffic SSL/TLS/firewalls Interceptors Security gap SQL injection, Databases Database encryption Malware Security gap Malware, File Systems SSL/TLS/firewalls Insiders Security gap Malware, Disk encryption Storage Insiders 8
HPE SecureData provides this protection Threats to Traditional IT Data Security HPE SecureData Data Infrastructure Security Ecosystem Gaps Data-centric Security Data & Applications Authentication Credential Management Compromise Security gap End-to-end Protection Data security coverage Middleware/Network Traffic SSL/TLS/firewalls Interceptors Security gap SQL injection, Databases Database encryption Malware Security gap Malware, File Systems SSL/TLS/firewalls Insiders Security gap Malware, Disk encryption Storage Insiders 9
HPE SecureData – Stateless Key Management – No key database to store or manage HPE SecureData – High performance, unlimited scalability Key Servers – Both encryption and tokenization technologies HPE SecureData Management Console – Customize solution to meet exact requirements – Broad platform support – On-premise / Cloud / Big Data – Structured / Unstructured HPE SecureData – HPE Vertica,Linux, Hadoop, Windows, AWS, IBM z/OS, etc. HPE SecureData HPE SecureData HPE SecureData Native APIs Web Services API Command Lines File Processor (C, Java, C#./NET) – Quick time-to-value – Complete end-to-end protection within a common platform – Format-preservation dramatically reduces implementation effort 10
HPE Format-Preserving Encryption (FPE) First Name: Gunther Last Name: Robertson SSN: 934-72-2356 Tax ID DOB: 20-07-1966 934-72-2356 First Name: Uywjlqo Last Name: Muwruwwbp FPE 253- 67 -2356 SSN: 253- 67 -2356 DOB : 18-06-1972 Ija&3k24kQotugDF2390^32 0OWioNu2(*872weW AES 8juYE%Uks&dDFa2345^WFLERG Oiuqwriuweuwr%oIUOw1@ – Supports data of any format: name, address, dates, numbers, etc. – Preserves referential integrity – Only applications that need the original value need change – Used for production protection and data masking – Currently in the NIST standardization process 11
HPE Secure Stateless Tokenization (SST) Credit Card Tax ID 1234 5678 8765 4321 934-72-2356 SST 8736 5533 4678 9453 347-98-8309 Partial SST 1234 56 33 4678 4321 347-98 -2356 Obvious SST 1234 56 AZ UYTZ 4321 AZS-UX -2356 – Tokenization for PCI scope reduction – Replaces token database with a smaller token mapping table – Token values mapped using random numbers – Numerous advantages over traditional tokenization − No database hardware, software, replication problems, etc. 12
HPE Vertica’s Integration with HPE SecureData Implemented via User Defined Extensions (UDF) − Encrypts data in parallel on each node in the cluster UDF available at HPE Big Data Marketplace – Sample Data and Scripts Analyze and process on protected data Decrypt only for authorized personnel Encrypt data on Load Protect at Load Access Data “Copy”,“Insert” “Select” Example: HPE Vertica \set input_file '''':t_pwd'/plaintext_large.csv''' => SELECT s.id, s.name, s.email, HPE HPE => COPY voltage_sample(id, name, s.birth_date, ACCESS(s.cc USING Vertica Vertica street, city, state, postcode, UDFs UDFs PARAMETERS format='CC'), ACCESS (s.ssn phone, email, birth_date, cc, cvv, USING PARAMETERS format='SSN'), ssnfiller FILLER varchar, ssn as cs.creditscore FROM voltage_sample s PROTECT (ssnfiller USING PARAMETERS JOIN voltage_sample_creditscore cs ON format='SSN')) FROM :input_file (s.ssn = cs.ssn) WHERE s.id <= 10; DELIMITER ',' NULL '' direct;
Options for Securing Data 4 1 Applications and data Applications, analytics and data HPE HPE SecureData Vertica Landing Zone 2 5 HPE Vertica ETL and UDFs batch Applications, Applications analytics and data and data HPE HPE SecureData SecureData Egress Zone 3 ETL and 6 HPE Vertica batch UDFs Applications, Applications analytics and data HPE and data HPE SecureData SecureData 7 BI Tools and Source Data and Downstream Applications Applications Unprotected Data Application with HPE SecureData Interface Point Legend: De-Identified Data Standard Application 14
Sample Implementation HPE SecureData Server Applications & Data (HPE SecureData) Applications & Data HPE Vertica UDFs (SQL on Hadoop) Data remains protected in: Applications & Data Sqoop/ (HPE SecureData) MapReduce Jobs HDFS/Hive (UDFs) (HPE SecureData) (HPE SecureData) • Motion across solution Applications & HPE Vertica Data technology stack (UDFs) • Across Data Centers Hadoop Cluster (In Premise/Cloud) (HPE SecureData) (HPE Vertica running on Hadoop data nodes) • Data Backups HPE Vertica Enterprise Cluster • Data Replication/Mirroring (In Premise/Cloud) • Data Test and Production environments
Hundreds of Customers Rely on HPE Vertica for Big Data Analytics FINANCIAL SERVICES HEALTH & LIFE SCIENCES ENERGY CONSUMER WEB COMMUNICATIONS, MEDIA, ENT PUBLIC SECTOR RETAIL
Use case 1: Financial Services Company ‒ Establish a one-stop-shop for business ‒ Integrated HPE SecureData into ingestion intelligence across multiple products and lines workflow of business at a global financial firm ‒ Sensitive account and PII information ‒ Analyze historical data on 20 billion protected using HPE SecureData Format- transactions Preserving Encryption ‒ Develop comprehensive customer needs ‒ Data Scientist team analyze directly on analysis protected encrypted data ‒ Data contains Account Numbers and customer ‒ Marketing teams analyze on protected data PII (Address, SSN, emails) information and decrypt only upon access/retrieval of customer information for targeted campaigns ‒ Data stored in Hadoop infrastructure ‒ Data stored on Hadoop infrastructure in encrypted form 17
Recommend
More recommend
