Securing your Big Data Environment Ajit Gaddam @ajitgaddam Securing Your Big Data Environment | Black Hat USA 2015 Page # 1 • @VISA Chief Security Architect • Before – senior tech roles at diff tech & FI companies • Co-founder of 2 startups • Co-Author of Hadoop in Action-2 book by @ajitgaddam Manning Publications • SABSA, CISSP, GSEC, GPEN, TOGAF Securing Your Big Data Environment | Black Hat USA 2015 Page # 2 Agenda ❑What is Big Data and why should I secure it? ❑Security Risks & Threat Models ❑Big Data Security Framework ❑Successes, Failures, and Best Practices Securing Your Big Data Environment | Black Hat USA 2015 Page # 3 What is Big Data “Big Data refers to datasets whose size and/or structure is beyond the ability of traditional software tools or database systems to store, process, and analyze within reasonable timeframes” HADOOP is a computing environment built on top of a distributed clustered file system (HDFS) that was designed specifically for large scale data operations (e.g. MapReduce) Images source : EMC Big data 2012 http://emc.im/MprmL3 Securing Your Big Data Environment | Black Hat USA 2015 Page # 4 Three Reasons for Securing Hadoop ( .. atleast) 2. Subject to 1. Contains 3. Can enable Regulatory Sensitive Data your business Compliance Teams go from a POC to deploying a Before, usage was production cluster, broad and possibly With #1 comes and with it petabytes restricted to non- compliance to PCI of data. sensitive data. DSS, FISMA, HIPAA, EU laws, US federal/state laws to Contains sensitive protect PII, cardholder and other With security in place, cardholder, and other customer or corporate you can allow for in-scope data data that must be sensitive workloads protected on restricted datasets Securing Your Big Data Environment | Black Hat USA 2015 Page # 5 Image source: World’s Biggest Data Breaches (Source: Information Is Beautiful, DataBreaches.net, IdTheftCentre, press reports) Securing Your Big Data Environment | Black Hat USA 2015 Page # 6 Current State of Big Data Security Security Rigor OSS Fragmentation CVE Metrics Only 4 reported & Traditional RDBMS No standardization fixed Hadoop platforms underwent or portability of Big Data security Vulnerabilities in past decades of security solutions 3 years evaluations & assessments Securing Your Big Data Environment | Black Hat USA 2015 Page # 7 Data Breaches over the past year Different kinds of PII, financial data, and IP breached. Federal Govt., Financial Institutions, Tech companies etc. Image source: World’s Biggest Data Breaches (Source: Information Is Beautiful, DataBreaches.net, IdTheftCentre, press reports) Securing Your Big Data Environment | Black Hat USA 2015 Page # 8 Source: Verizon Data Breach 2015 report Securing Your Big Data Environment | Black Hat USA 2015 Page # 9 Securing Your Big Data Environment | Black Hat USA 2015 Page # 10