Big Data: Is Your Service Desk Informed on Hadoop Security?

Companies are relatively tight-lipped about Hadoop adoption, and even more so about their security measures, so getting solid percentages about use and security is impossible. But it is estimated that about 500 to 1,000 enterprise-scale businesses are currently using Hadoop in a production capacity, yet only about 2-5 percent of executives with those companies cite security as a major issue with using Hadoop.

How Hadoop Security Issues are Affecting Businesses

This is concerning for several reasons. From its conception, Hadoop was never developed with security measures. When created, it was used between users and computers that knew and trusted each other. Even as Hadoop gathered mainstream attention and adoption, security was more of an add-on than a foundational consideration. Hadoop does not default to security mode, it has to be deliberately set. Inherently, there are no levels of user access, and it’s quite easy for one user to log on as another, and a simple matter for one user to lower the priority of other users’ jobs, or even to halt those jobs altogether.

Yet each security breach costs the company affected an estimated $5.4 million. Cyber crimes as a whole cost an estimated $140 billion per year. Sony estimates that their PlayStation breach ran between $2.7 billion and $24 billion, though the breach was so massive that it’s impossible to pinpoint with any precision. Netflix and AOL have both settled lawsuits in the millions of dollars because attempts to strip data of identifying information were unsuccessful.

What does your IT service desk need to know about Hadoop security?

Security Concerns With Hadoop

There are several issues at play: authentication, tokens, and encryption. Data stored in a Hadoop framework is not encrypted when at rest. Kerberos does offer authentication, but companies that do not use Kerberos as part of their Hadoop infrastructure do not have this feature, so an additional product has to be included in the grand plan. Furthermore, using the security mode in Hadoop is complex, and configuration is no menial task. There are numerous steps for enabling authentication and encryption, which need to be studied and understood by IT departments using Hadoop.

How IT Can Address Hadoop Security Issues

Fortunately, a number of vendors have stepped up and began developing security products for use with Hadoop. One example is Project Rhino by Intel, but other vendors also offer products to consider, depending on your particular Hadoop framework. At the minimum, IT should make a point of taking advantage of the security measures built into Hadoop, as limited and complex as those may be. Special attention needs to be paid to stored data at rest — which is a prime target for identity thieves and those wishing to indulge in corporate espionage, as it appears was the case in the Sony Pictures Entertainment hacking event at the end of 2014.

Security should always be a primary consideration in any IT service management solution. To do otherwise is to open your company to a $5.4 million security breach.

[hs_action id=”14057″]

Big Data: Is Your IT Service Desk Informed on Hadoop Security? Click To Tweet

Team, Business, & Professional Edition
Samanage Service Desk

Enterprise Edition
Samanage Service Desk

IT Service Desk

IT Asset Management

Service Portal

IT Service Catalog

Automations

Incident Management

Change Management

Integrations

Download our most helpful guide

Over 1000 Reviews by Happy Customers

See What Samanage Does in 2 min or less.

Our blog is full of helpful, short reads.

Leadership

Investors

News & Press

Careers

Big Data: Is Your IT Service Desk Informed on Hadoop Security?

PRODUCTS

RESOURCES

COMPANY

CONTACT US

Team, Business, & Professional Edition Samanage Service Desk

Enterprise Edition Samanage Service Desk