Category Archives: Security

Best Practices for Enterprise Data Hub Encryption

Categories: Cloudera Navigator Security

Encryption is a key security feature in Cloudera-powered enterprise data hubs (EDHs). This post explains some best practices for deployment of Cloudera Navigator Encrypt for that purpose.

For those unfamiliar with the product, Cloudera Navigator Encrypt provides scalable, high-performance encryption for critical Apache Hadoop data. It utilizes industry-standard AES-256 encryption and provides a transparent layer between the application and filesystem. Cloudera Navigator Encrypt also includes process-based access controls, allowing authorized processes to access encrypted data while simultaneously preventing admins or super-users like root from accessing data that they don’t need to see.

Read More

How-to: Deploy a Secure Enterprise Data Hub on AWS (Part 2)

Categories: Cloud How-to Security

Learn how to use Cloudera Director, Microsoft Active Directory, and Centrify Express to deploy a secure EDH cluster for workloads in the public cloud.

In Part 1 of this series, you learned about configuring Microsoft Active Directory and Centrify Express for optimal security across your Cloudera-powered EDH, whether for on-premise or public-cloud deployments. In this concluding installment, you’ll learn the cloud-specific pieces in this process, including some AWS fundamentals and in-depth details about cluster provisioning using Cloudera Director.

Read More

Cloudera’s Process for Handling Security Vulnerabilities

Categories: General Security

Cloudera considers the handling and reporting of security vulnerabilities a very serious matter. In this post, learn the processes involved.

In addition to expecting enterprise-class standards for stability and reliability, Cloudera’s customers also have expectations for industry-standard processes around the discovery, fix, and reporting of security issues. In this post, I will describe how Cloudera addresses such issues in our software.

An overview of the process looks like this flowchart:

secalert-f1

The first step in the life cycle of a security vulnerability is that it is discovered and reported to Cloudera.

Read More

Apache Sentry is Now a Top-Level Project

Categories: Security Sentry

The following post was originally published by the Sentry community at apache.org. We re-publish it here for your convenience.

We are very excited to announce that Apache Sentry has graduated out of Incubator and is now an Apache Top-Level Project! Sentry, which provides centralized fine-grained access control on metadata and data stored in Apache Hadoop clusters, was introduced as an Apache Incubator project back in August 2013. In the past two and a half years,

Read More

Building, Benchmarking, and Tuning Syslog Ingest Architecture at Vodafone UK

Categories: Flume Hadoop Kafka Security Use Case

Vodafone UK’s new SIEM system relies on Apache Flume and Apache Kafka to ingest nearly 1 million events per second. In this post, learn about the architecture and performance-tuning techniques and that got it there.

SIEM platforms provide a useful tool for identifying indicators of compromise across disparate infrastructure. The catch is, they’re only as accurate as the fidelity of the data involved, which is why Apache Hadoop is becoming such a valuable platform for that use case.

Read More