Transcript
Page 1: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood

Lock it Up: Securing Sensitive Data

Sam Heywood, vice president of marketing, Gazzang

Page 2: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood

*  Flexibility

*  Scalability

*  Performance

*  Manage massive volumes of structured and unstructured data

Apache Cassandra Benefits

Page 4: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood

* Personally identifiable information
* Insurance claim details
* Genomics research data
* Customer profile data
* Medical treatment histories
* Confidential financial records
* Student records
* DRM data
* Social media credentials
* GPS location data

Datasets Our Customers are Managing with Cassandra

Page 9: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood

Why Should You Protect this Data?

Page 10: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood

Breaches Hit Every Industry

Page 11: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood

* The average cost of a data breach in the US is $5.5 million

* In March, the U.S. Department of HHS and BCBS of Tennessee settled for $1.5 million for potential HIPAA violations
  • 1 million individuals’ records were breached off unencrypted hard drives
  • Stronger HIPAA rules increase fines for non-compliance

Breaches are Expensive

Page 12: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood

It’s the Right Thing To Do For Your Customers

Most Importantly…

Page 13: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood

* “I need to protect sensitive data in my cloud”
  • Ensure sensitive data and encryption keys are never stored in plain text or exposed publicly
  • Maintain control of your encryption keys and your regulatory data to ensure compliance

* “Help me secure my big data infrastructure”
  • Harden Big Data infrastructures that have weak security and no cryptographic protection
  • Maintain Big Data performance and availability

What We Hear From Our Customers

Page 14: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood

* “I need to maintain control of my keys”
  • Manage the rapid growth of key, certificate, token, and object proliferation caused by cloud/Big Data adoption
  • Consolidate IT security objects and bring them under a consistent set of controls and policies

* “My cloud provider should not have access to my data”
  • Deploy multi-factor authentication in the cloud
  • Establish and enforce robust access controls for sensitive objects

What We Hear From Our Customers

Page 15: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood

* zNcrypt™
  • Provides transparent data encryption to secure Big Data (NoSQL and SQL open source platforms) in the cloud or on premises.

* zTrustee™
  • A software-only “virtual HSM” to manage and secure ANY opaque IT object. Policy-driven vault for securing and managing an organization’s most important IT security items (cryptographic keys, tokens, certificates, configs, and more).

* zOps™
  • A single, unified console for monitoring Gazzang actions and their impact on the “Big Data stack” (security threats, cloud integrity, IO, performance, machine behavior and more).

The Gazzang Solution Suite

Page 16: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood

zNcrypt sits between the file system and any database, application or service running on Linux to encrypt data before it is written to disk.

• AES-256 encryption
• Process-based ACLs
• Multiple encrypted mount points
• Requires no changes to app, data or storage
• Enterprise scalability
• Packaged support for Cassandra, Hadoop, MongoDB, MySQL, PostgreSQL, Riak

Gazzang File Level Encryption

Page 17: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood

Securing “opaque objects” with policy management and adaptive “trustee” authorization capabilities

Gazzang zTrustee™ - Controlling Authentication Objects

• Trustee votes
• Time to live
• Retrieval limits
• Single-use URL
• Client permissions

Trustees must approve release of objects in accordance with the deposit policy

API Library
• Java
• Python
• C library

Page 18: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood

* Install zNcrypt
  • Package managers (yum, apt-get) and Chef

* Create master encryption key
  • Passphrase method (optional “split security”)
  • RSA Key file method

* Create ACLs
  • Simple command-lines (ALLOW/DENY style)
  • Almost any process or script allowed:
    • Virtually any application, process or script: Apache, Tomcat, MongoDB, MySQL, backup software, document management, etc.

* Encrypt data
  • Simple command line calls, down to the file level

Ease of Deployment

Page 19: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood

Chef – Opscode Community

Page 20: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood

https://github.com/gazzang/cookbooks/tree/master/zncrypt

zNcrypt Cookbook Source on github

Page 21: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood

* Headquartered in Austin, TX
* Focused on high-performance data encryption and key management
* Specialize in securing cloud and big data environments: Apache Cassandra and Hadoop
* Serve a variety of verticals: Health care, retail, government, education, IT

About Gazzang

Page 22: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood

* Visit www.gazzang.com/csummitsf
  • Take our survey for a chance to win a $200 Amex
  • Download our “Securing Cassandra” white paper
  • Watch the Gazzang-DataStax security webinar
  • Stop by our booth for a chance to win a GoPro camera

*  Email [email protected] to set up a demo

Thank You

Page 23: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood

THANK YOU

