Companies are relatively tight-lipped about Hadoop adoption, and even more so about their security measures, so solid figures on use and security are impossible to get. It is estimated, however, that about 500 to 1,000 enterprise-scale businesses currently use Hadoop in a production capacity, yet only about 2-5 percent of executives at those companies cite security as a major issue with using Hadoop.
How Hadoop Security Issues are Affecting Businesses
This is concerning for several reasons. Hadoop was not designed with security measures. When it was created, it was used among users and computers that knew and trusted each other. Even as Hadoop gathered mainstream attention and adoption, security was more of an add-on than a foundational consideration. Hadoop does not default to security mode; it has to be deliberately enabled. Inherently, there are no levels of user access, it is quite easy for one user to log on as another, and it is a simple matter for one user to lower the priority of other users’ jobs, or even to halt those jobs altogether.
Yet each security breach costs the company affected an estimated $5.4 million. Cyber crimes as a whole cost an estimated $140 billion per year. Sony estimates that their PlayStation breach ran between $2.7 billion and $24 billion, though the breach was so massive that it’s impossible to pinpoint with any precision. Netflix and AOL have both settled lawsuits in the millions of dollars because attempts to strip data of identifying information were unsuccessful.
What does your IT service desk need to know about Hadoop security?
Security Concerns With Hadoop
There are several issues at play: authentication, tokens, and encryption. Data stored in a Hadoop framework is not encrypted when at rest. Kerberos does offer authentication, but companies that do not use Kerberos as part of their Hadoop infrastructure do not have this feature, so an additional product has to be included in the grand plan. Furthermore, using the security mode in Hadoop is complex, and configuration is no trivial task. There are numerous steps for enabling authentication and encryption, which need to be studied and understood by IT departments using Hadoop.
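Because security mode has to be switched on deliberately, a quick audit of a cluster's site files shows whether it ever was. The script below is an added example, not code from the original article or from the Hadoop project; it checks four standard Hadoop properties against their out-of-the-box defaults, and the sample XML and host name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: core-site.xml as an unsecured cluster might have it.
SAMPLE_CORE_SITE = """<?xml version="1.0"?>
<configuration>
  <property><name>fs.defaultFS</name><value>hdfs://namenode.example:8020</value></property>
  <property><name>hadoop.security.authentication</name><value>simple</value></property>
  <property><name>hadoop.rpc.protection</name><value>authentication</value></property>
</configuration>"""

# property -> (Hadoop default when unset, value expected on a secured cluster)
EXPECTED = {
    "hadoop.security.authentication": ("simple", "kerberos"),  # core-site.xml
    "hadoop.security.authorization": ("false", "true"),        # core-site.xml
    "hadoop.rpc.protection": ("authentication", "privacy"),    # core-site.xml
    "dfs.encrypt.data.transfer": ("false", "true"),            # hdfs-site.xml
}

def load_properties(xml_text):
    """Return {name: value} from one Hadoop *-site.xml document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit(*xml_texts):
    """Merge the given site files and return the weak settings found.

    Each finding is (property, effective value, expected value, explicitly set?).
    A property that is absent falls back to the Hadoop default.
    """
    props = {}
    for text in xml_texts:
        props.update(load_properties(text))
    findings = []
    for name, (default, wanted) in EXPECTED.items():
        effective = props.get(name, default)
        if effective.lower() != wanted:
            findings.append((name, effective, wanted, name in props))
    return findings

if __name__ == "__main__":
    for name, effective, wanted, explicit in audit(SAMPLE_CORE_SITE):
        origin = "set" if explicit else "default"
        print(f"WEAK {name} = {effective} ({origin}); expected {wanted}")
```

Pass the text of both core-site.xml and hdfs-site.xml to `audit` so that the data-transfer setting is read from the file where it normally lives.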
How IT Can Address Hadoop Security Issues
Fortunately, a number of vendors have stepped up and begun developing security products for use with Hadoop. One example is Project Rhino by Intel, but other vendors also offer products to consider, depending on your particular Hadoop framework. At a minimum, IT should make a point of taking advantage of the security measures built into Hadoop, as limited and complex as those may be. Special attention needs to be paid to stored data at rest, which is a prime target for identity thieves and those wishing to indulge in corporate espionage, as it appears was the case in the Sony Pictures Entertainment hacking event at the end of 2014.
Security should always be a primary consideration in any IT service management solution. To do otherwise is to open your company to a $5.4 million security breach.