UPDATED 11:47 EDT / JULY 25 2013

Cloudera’s Sentry Safeguards Enterprise Hadoop Clusters

Cloudera has accelerated its efforts to make Hadoop more viable for the enterprise since former ArcSight exec Tom Reilly took over as CEO in June. The company has spent these last few months developing an open-source authorization module that it says gives organizations “unprecedented“ control over how users access data stored in Hadoop.

The tool, appropriately named Sentry, was released last week as an Apache project. Cloudera touts it as the “industry’s first fine-grained authorization solution.”

Sentry is designed to meet the Role Based Access Control (RBAC) requirements of companies in regulated industries such as healthcare and finance. It enables admins to assign privileges based on functional roles, and restrict user access rights to specific subsets of data within their organizations’ Hadoop deployments. The solution also facilitates “multi-tenant administration,” which means that senior persons can deputize admins to manage security settings for each separate database.

“Security is a top priority for large enterprises that are increasingly using Hadoop to manage Big Data. Cloudera continues to lead the way in advancing the Hadoop platform for enterprise use,” Tom Reilly wrote in a statement. “With Sentry and future releases in our product roadmap, we are continuing to address the complete security picture around Hadoop, delivering on our vision to make the platform safe and compliant for enterprise use, in even the most highly regulated industries.”

Cloudera’s solution can be viewed as another industry contribution alongside Accumulo, an ultra-secure key value store developed by the NSA researchers who went on to found Sqrrl. The framework’s cell-based architecture offers the same benefits as Sentry, but it has a distinct edge. While Cloudera offers fine-grained access controls at the Server, Database, Table and View levels for Hive and Impala, Sqrrl’s cell-level security allows for access control at the individual key or value pair level. Essentially, every single piece of data can have unique access controls, providing greater access to the data that needs to be shared while protecting sensitive data – even within the same Database or Table. As with Cloudera’s Sentry, such specificity in access control responds to data security needs in fields such as healthcare, finance, cybersecurity and government. In fact, as Sqrrl co-founder Ely Kahn highlighted in a recent interview on theCube, Accumulo was successfully implemented by members of the intelligence community, including the CIA and NSA, long before it became generally available in 2012.

In addition to cell-level security, Sqrrl offers file-system level encryption and auditing tools to provide a comprehensive security package with real-time analytical capabilities. As Sqrrl CEO Mark Terezoni discussed with TheCube’s John Furrier and Dave Vellante earlier this summer from Hadoop Summit 2013, the company promotes a built-in approach to security solutions. According to Terezoni, “[Security] can’t be a pointed solution. It can’t address one one piece of the ecosystem. It’s a stack.”

 


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU