C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood
DESCRIPTION
As adoption of NoSQL solutions like Apache Cassandra grows, so too does the likelihood that organizations will use it to capture and analyze sensitive data. Enterprises that don't take every precaution to protect this data leave themselves exposed to risk of a data breach, and depending on the regulatory nature of the data, fines for noncompliance. This session will discuss how transparent data encryption and advanced key management protect data at-rest and in-flight, so regardless of where the data resides, either on premises or in the cloud, it remains garbled and unreadable to all people, processes and applications that don't require immediate access. The session will also cover DevOps automation tools that ensure rapid distributed deployment of big data security across thousands of nodes.
TRANSCRIPT
Lock it Up: Securing Sensitive Data
Sam Heywood, vice president of marketing, Gazzang
Apache Cassandra Benefits
* Flexibility
* Scalability
* Performance
* Manage massive volumes of structured and unstructured data
Datasets Our Customers are Managing with Cassandra
* Personally identifiable information
* Insurance claim details
* Genomics research data
* Customer profile data
* Medical treatment histories
* Confidential financial records
* Student records
* DRM data
* Social media credentials
* GPS location data
Why Should You Protect this Data?
Breaches Hit Every Industry
Breaches are Expensive
* The average cost of a data breach in the US is $5.5 million
* In March, the U.S. Department of HHS and BCBS of Tennessee settled for $1.5 million for potential HIPAA violations
  • 1 million individuals' records were breached off unencrypted hard drives
  • Stronger HIPAA rules increase fines for non-compliance
Most Importantly…
It’s the Right Thing To Do For Your Customers
What We Hear From Our Customers
* “I need to protect sensitive data in my cloud”
  • Ensure sensitive data and encryption keys are never stored in plain text or exposed publicly
  • Maintain control of your encryption keys and your regulatory data to ensure compliance
* “Help me secure my big data infrastructure”
  • Harden Big Data infrastructures that have weak security and no cryptographic protection
  • Maintain Big Data performance and availability
What We Hear From Our Customers
* “I need to maintain control of my keys”
  • Manage the rapid growth of key, certificate, token, and object proliferation caused by cloud/Big Data adoption
  • Consolidate IT security objects and bring them under a consistent set of controls and policies
* “My cloud provider should not have access to my data”
  • Deploy multi-factor authentication in the cloud
  • Establish and enforce robust access controls for sensitive objects
The Gazzang Solution Suite
* zNcrypt™
  • Provides transparent data encryption to secure Big Data (NoSQL and SQL open source platforms) in the cloud or on premises.
* zTrustee™
  • A software-only “virtual HSM” to manage and secure ANY opaque IT object. Policy-driven vault for securing and managing an organization’s most important IT security items (cryptographic keys, tokens, certificates, configs, and more).
* zOps™
  • A single, unified console for monitoring Gazzang actions and their impact on the “Big Data stack” (security threats, cloud integrity, IO, performance, machine behavior and more).
Gazzang File Level Encryption
zNcrypt sits between the file system and any database, application or service running on Linux to encrypt data before it is written to disk.
* AES-256 encryption
* Process-based ACLs
* Multiple encrypted mount points
* Requires no changes to app, data or storage
* Enterprise scalability
* Packaged support for Cassandra, Hadoop, MongoDB, MySQL, PostgreSQL, Riak
Gazzang zTrustee™ - Controlling Authentication Objects
Securing “opaque objects” with policy management and adaptive “trustee” authorization capabilities
* Trustee votes
* Time to live
* Retrieval limits
* Single-use URL
* Client permissions
Trustees must approve release of objects in accordance with the deposit policy
API Library
* Java
* Python
* C library
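An added sketch, not from the original slides and not the zTrustee API: a minimal Python model of a deposit policy in which an object is released only when trustee votes, time to live, retrieval limit and client permission all pass. Every class, field and client name is hypothetical, and a retrieval limit of 1 stands in for the single-use URL.

```python
# Illustrative model only: all names here are hypothetical, not the zTrustee API.
import time
from dataclasses import dataclass, field


@dataclass
class DepositPolicy:
    trustees: frozenset          # identities allowed to vote on release
    votes_required: int          # approvals needed before release
    ttl_seconds: float           # deposit expires after this long
    retrieval_limit: int         # 1 behaves like a single-use URL
    allowed_clients: frozenset   # client permissions


@dataclass
class Deposit:
    secret: bytes
    policy: DepositPolicy
    created_at: float
    approvals: set = field(default_factory=set)
    retrievals: int = 0

    def vote(self, trustee):
        # Votes from identities outside the trustee set are rejected;
        # a set means a repeated vote from one trustee counts once.
        if trustee not in self.policy.trustees:
            raise PermissionError(f"{trustee} is not a trustee")
        self.approvals.add(trustee)

    def retrieve(self, client, now=None):
        # Every check fails closed; the object is released only if all pass.
        now = time.time() if now is None else now
        p = self.policy
        if client not in p.allowed_clients:
            raise PermissionError("client not permitted")
        if now - self.created_at > p.ttl_seconds:
            raise PermissionError("deposit expired")
        if len(self.approvals) < p.votes_required:
            raise PermissionError("not enough trustee approvals")
        if self.retrievals >= p.retrieval_limit:
            raise PermissionError("retrieval limit reached")
        self.retrievals += 1
        return self.secret


def make_sample_deposit(created_at=0.0):
    # Constructed sample: 2-of-3 trustees, 1 hour TTL, single retrieval.
    policy = DepositPolicy(frozenset({"alice", "bob", "carol"}), 2, 3600.0,
                           1, frozenset({"cassandra-node-1"}))
    return Deposit(b"constructed-sample-key", policy, created_at)
```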
Ease of Deployment
* Install zNcrypt
  • Package managers (yum, apt-get) and Chef
* Create master encryption key
  • Passphrase method (optional “split security”)
  • RSA key file method
* Create ACLs
  • Simple command lines (ALLOW/DENY style)
  • Almost any process or script allowed:
    • Virtually any application, process or script: Apache, Tomcat, MongoDB, MySQL, backup software, document management, etc.
* Encrypt data
  • Simple command line calls, down to the file level
Chef – Opscode Community
zNcrypt Cookbook Source on GitHub
https://github.com/gazzang/cookbooks/tree/master/zncrypt
About Gazzang
* Headquartered in Austin, TX
* Focused on high-performance data encryption and key management
* Specialize in securing cloud and big data environments: Apache Cassandra and Hadoop
* Serve a variety of verticals: Health care, retail, government, education, IT
Thank You
* Visit www.gazzang.com/csummitsf
  • Take our survey for a chance to win a $200 Amex
  • Download our “Securing Cassandra” white paper
  • Watch the Gazzang-DataStax security webinar
  • Stop by our booth for a chance to win a GoPro camera
* Email [email protected] to set up a demo