…Sentry: Fine-Grained Authorization for Impala and Apache Hive
From the post:
Cloudera, the leader in enterprise analytic data management powered by Apache Hadoopâ„¢, today unveiled the next step in the evolution of enterprise-class big data security, introducing Sentry: a new Apache licensed open source project that delivers the industry’s first fine-grained authorization framework for Hadoop. An independent security module that integrates with open source SQL query engines Apache Hive and Cloudera Impala, Sentry delivers advanced authorization controls to enable multi-user applications and cross-functional processes for enterprise datasets. This level of granular control, available for the first time in Hadoop, is imperative to meet enterprise Role Based Access Control (RBAC) requirements of highly regulated industries, like healthcare, financial services and government. Sentry alleviates the security concerns that have prevented some organizations from opening Hadoop data systems to a more diverse set of users, extending the power of Hadoop and making it suitable for new industries, organizations and enterprise use cases. Concurrently, the company confirmed it plans to submit the Sentry security module to the Apache Incubator at the Apache Software Foundation later this year.
Welcome news but I could not bring myself to include all the noise words in the press release title. 😉
For technical details, see: http://cloudera.com/content/cloudera/en/Campaign/introducing-sentry.html.
Just a word of advice: This doesn’t “solve” big data security issues. It is one aspect of big data security.
Another aspect of big data security is not allowing people to bring in and leave your facility with magnetic media. Ever.
Not to mention using glue to permanently close all USB ports and CD/DVD drives.
There is always tension between how much security do you need versus the cost and inconvenience.
Another form of security: Have your supervisor’s approval in writing for deviations from known “good” security practices.