Crypto Tools Target Hadoop Security Gaps
Growing concerns about the lack of built-in security for open source databases such as Hadoop has created a need for tighter data security as these databases are scaled up to perform big data analytics.
A data encryption and key management tool released this week by cyber-security specialist Thales e-Security Inc. and big data security vendor Zettaset targets open source big data distributions of Hadoop and NoSQL.
The standards-based key management appliance and companying encryption software is also intended to help users comply with stricter government regulations and industry standards for ensuring data privacy. Along with a growing list of high-profile data breaches, the tools also respond to growing consumer unease over the sale medical and other private records.
Thales said its keyAuthority tool is designed to extend key management to Hadoop and and NoSQL using Zettaset’s BDEncrypt client software. Together, the security tools are intended to enable scalable encryption controls for large databases. Addressing a growing security requirement, the tool encrypts both archival data “at rest” as well as data “in use” and “in motion.”
The key management appliance and encryption software comply with industry standards such as the Key Management Interoperability Protocol and Public-Key Cryptography Standard #11. Both are said to provide interoperability with existing security frameworks.
Thales said its security appliance uses a “hardened” version of the Federal Information Processing Standard, or FIPS. FIPS 140-2 is the U.S. government computer security standard used to accredit cryptographic modules. The Thales appliance was “hardened” using security “Level 3” of the FIPS spec designed to prevent hackers from gaining access to “critical security parameters” within a crypto module.
That level of security, Thales said, provides strong key management to users of storage applications and systems with embedded encryption. Moreover, a unified key management interface is intended to reduce data silos whole automating encryption controls so that security polices are consistent across a global enterprise. That feature addresses differing security policies in the U.S., Europe and Asia.
Zettaset said its encryption software is optimized for big data stores while bringing Hadoop and NoSQL databases into compliance with corporate and federal regulatory regimes for big data. Among them are the Health Insurance Portability and Accountability Act for medical records, the Health Information Technology for Economic and Clinical Health Act and the Payment Card Industry data security standard.
The key management appliance also targets “the scale of big data and its highly distributed nature,” Cindy Provin, president of Thales e-Security, noted in a statement.
Security concerns have long handicapped open source databases like Hadoop. As users scale up Hadoop and NoSQL platforms to perform big data analytics, security gaps have been exposed. Indeed, the overall lack of built-in security threatens to hamper the open source platform’s spread before it gets off the ground.
Zettaset said it is attempting to address those concerns by combining its big data encryption software with the Thales key management appliance.