Good to speak with Dale Kim, Senior Director of Product at Arcadia Data which has extended support for a unified security and management solution native to Apache Hadoop that includes certified integration with Apache Ranger. This reinforces the security strategy of in-cluster security enhancing its capabilities to deliver secure data directly in Hadoop, cloud, and other modern data platforms without sacrificing granular access control, overcoming the complexities of extraction, data movement, and fragmented permission models inherent to legacy BI and analytics architectures that run outside of Hadoop.
Dale sees the most important elements of security as simplifying the process of securing data while making it more accessible, promoting data agility, taking advantage of different platforms and reducing the number of silos. These are also the same issues he sees affecting security when visiting a prospective client.
He sees the cybersecurity threat landscape changing with the proliferation of machine learning frameworks that enable users to see anomalous behavior with visualized output. Dale believes this will be imperative as IoT grows.
Real-world problems Arcadia clients are solving include predictive maintenance by identifying the lifespan of hard drives with smart metrics and seeing the patterns of failure analysis so that a machine can be backed-up and taken offline before the hard drive fails.
According to Dale, the future of security will be smarter algorithms that work across any data framework, along with data models that are sufficiently smart to identify what they do not know, along with a lot of information sharing.
His advice to developers is to bake security in upfront and to look for technologies in which security is inherently baked in. Do not take a "worry about it later" attitude. With analytics platforms, customizable security is built into the framework. Security controls are natively part of the development process.
Arcadia Enterprise enables a big data approach to ensure security, as it is designed to seamlessly enforce security policies defined within Hadoop. Featuring direct integration with leading Hadoop-based authorization projects like Apache Ranger, it allows security-conscious enterprises in sectors such as healthcare and finance to build broadly-accessible data visualizations which respect specific role-based access policies. With the Arcadia Enterprise certification with leading Hadoop system management software including Apache Ambari and Cloudera Manager, administrators have a unified interface to more easily set up and manage permissions for visualizations on secure data.
Apache Ranger delivers a centralized security framework to manage access control over Hadoop. Using the Apache Ranger administration console, users can easily manage policies around accessing a resource (file, folder, database, table, column, etc.) for a particular set of users and/or groups, and enforce the policies within Hadoop. Arcadia Enterprise is the only visual analytics software that is certified for deployment, management, and security through Apache Ambari and Apache Ranger. It affords IT organizations not only simplified deployment and operations for their Hadoop platform, but a more secure and convenient way to deliver on the value of Hadoop to the broadest range of business users.
With the Ranger integration combined with its data native architecture that powers in-cluster analytics, Arcadia Data makes compliance easier: “While business user self-service, agility, and scalability were the main reasons for picking a distributed computing platform, Arcadia Data brings an unexpected and a highly valuable benefit. Client/server-based BI tools with data and result sets residing in multiple physical locations cause a HIPAA-compliance nightmare. Because Arcadia Data runs entirely inside a Hadoop cluster, proper security and auditing of that cluster is all that’s needed for HIPAA compliance.” Source - Forrester report, by Boris Evelson.
Overview of Key Features and Benefits
Traditional BI and analytics tools rely on decentralized security models, which makes extracting and managing big data complicated and vulnerable. Arcadia developed centralized role-based access control (RBAC) and its direct integration with Hadoop-native projects -- Apache Sentry and Apache Ranger -- to leverage data permission models defined directly in the cluster, including discrete access control down to a single row or column in the data. By delivering a security architecture converged from within Hadoop’s distributed processing framework, Arcadia continues to deliver on its vision of in-cluster and on cloud analytics by eliminating the complexities of redundant, overlapping security management inherent in BI stacks which rely on moving data off-cluster. The in-cluster approach ensures data architects, analysts, and administrators in IT organizations get a faster, more cost-effective, and safer path to value with their big data environments with the following benefits:
Unified Security: Arcadia Enterprise RBAC automatically imports group membership from underlying directory sources based on Active Directory, Kerberos, LDAP, or SAML, as well as role membership and privilege information from Apache Ranger.
Unified Management: Certified integration with Apache Ambari provides secure plug-and-play deployment of Arcadia Enterprise into Hortonworks deployments. In addition to simplifying production operations, it provides audit transparency into any and all data access and analytics operations used for visualizations.
Simplified Architecture: No additional servers or clusters are required to get setup, reducing deployment complexity and risk for error.
“Complexity creates vulnerability, and data security is a difficult enough problem without trying to extract data to fit legacy standalone BI and visualization tools. In fact, these tools can make the problem worse as data volumes grow because they require you to reconfigure multiple layers of permissions and encryption,” said Priyank Patel, Arcadia Data co-founder and chief product officer. “At Arcadia Data, our native visual analytics approach lets users use Hadoop and other big data platforms as a centralized, secure, and single source of data, so they can safely deliver your data into the right hands, where it can drive insight and innovation for anyone with access, not just a handful of data scientists.”