BT
x Your opinion matters! Please fill in the InfoQ Survey about your reading habits!

Cloudera Acquires Big Data Encryption Startup Gazzang

by Jérôme Serrano on Jul 15, 2014 |

Hadoop distributor Cloudera pursued its strategy of securing the Hadoop ecosystem by acquiring last month the big data encryption and key management startup Gazzang. The deal will strengthen Cloudera's security offering and lead to the creation of a center of excellence for Hadoop security that will initially be fueled by Gazzang’s engineering team.

Founded in Texas in 2010 and employing about 40 people, Gazzang is no stranger to Cloudera’s community. Its technology has been certified by Cloudera since 2012 and its two leading products zNcrypt and zTrustee - now called Cloudera Navigator Encrypt and Cloudera Navigator Trustee - are already available as a downloadable parcel for Cloudera Enterprise 5, the latest version of Cloudera’s big data platform. It also has nearly 200 paying customers, including several Fortune 100 companies.

The acquisition will allow Cloudera to further the integration of Gazzang’s technology with its Enterprise product and offer a unified solution to organizations that have a legal obligation to comply with public regulations such as HIPAA-HITECH (health insurance), PCI-DSS (payment cards), FERPA (education), or the EU Data Protection Directive.

From a technical perspective, Navigator Encrypt leverages open source technologies such as eCryptfs (Enterprise Cryptographic Filesystem) and dm-crypt (disk encryption) to provide block-level TDE (transparent data encryption) and process-based access controls to restrict access to specific system processes. Because it operates at the file system level and supports Intel's AES-NI (Advanced Encryption Standard New Instructions), all HDFS files, HBase records, Hive metadata audit logs and any other file are encrypted and decrypted on the fly with minimal performance hit.

As David Tishgart, former director of marketing and alliances at Gazzang, explained on Cloudera's blog that using the latest industry standard AES-256 cipher to encrypt sensitive data is not enough to fulfill major compliances. Companies also need to think about key management, access controls, processes and documentation. This is where Navigator Trustee comes handy. This universal key manager allows users to store and manage any cryptographic object (including SSL certificates, SSH public-private keys, encryption keys and Java KeyStores) and enforce a broad range of security rules such as object authorization, expiration, revocation and retrieval limits. It also provides detailed logging and reporting features to keep track of all activities associated with objects, requests, and policies.

During a presentation at Hadoop Summit 2014, Cloudera highlighted six extra points to consider when thinking about compliance.

  • Are your encryption processes (algorithm, key length) consistent with NIST special publication 800-111?
  • Are the encryption keys stored on a separate device or location from the encrypted data?
  • What kind of authentication and access controls are enforced?
  • Is the data secured in a way that would enable you to claim safe harbor in the event of a breach?
  • Do the crypto modules meet FIPS 140-2 certification?
  • Can you account for all the sensitive data that may fall under compliance scope?

Commenting on the acquisition, Adrian Lane, CTO of Securosis, an information security research and advisory firm based in Arizona, said in a blog post:

Bundling encryption and key management capabilities into platforms will make them faster and easier to deploy – a win for customers. I usually have a handful of risks and downsides for every acquisition, but it is hard to criticize this deal because there are not that many possible downsides. This is an astute acquisition by Cloudera.

Cloudera's announcement is part of a recent industry-wide push to address the notorious lack of security in the Hadoop ecosystem, including the launch in 2013 of Project Rhino by Intel and Apache Sentry by Cloudera (the two projects have now merged), and the acquisition of XA Secure by Hortonworks in May 2014.

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss

Educational Content

General Feedback
Bugs
Advertising
Editorial
InfoQ.com and all content copyright © 2006-2014 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT