![Page 1: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/1.jpg)
Lock it Up: Securing Sensitive Data
Sam Heywood vice president of marketing, Gazzang
![Page 2: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/2.jpg)
* Flexibility
* Scalability
* Performance
* Manage massive volumes of structured and unstructured data
Apache Cassandra Benefits
![Page 3: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/3.jpg)
* Flexibility
* Scalability
* Performance
* Manage massive volumes of structured and unstructured data
Apache Cassandra Benefits
![Page 4: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/4.jpg)
* Personally identifiable information * Insurance claim details * Genomics research data * Customer profile data * Medical treatment histories * Confidential financial records * Student records * DRM data * Social media credentials * GPS location data
Datasets Our Customers are Managing with Cassandra
![Page 5: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/5.jpg)
* Personally identifiable information * Insurance claim details * Genomics research data * Customer profile data * Medical treatment histories * Confidential financial records * Student records * DRM data * Social media credentials
Datasets Our Customers are Managing with Cassandra
![Page 6: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/6.jpg)
* Personally identifiable information * Insurance claim details * Genomics research data * Customer profile data * Medical treatment histories
* Confidential financial records * Student records * DRM data * Social media credentials * GPS location data
Datasets Our Customers are Managing with Cassandra
![Page 7: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/7.jpg)
* Personally identifiable information * Insurance claim details * Genomics research data * Customer profile data * Medical treatment histories * Confidential financial records
* Student records * DRM data * Social media credentials * GPS location data
Datasets Our Customers are Managing with Cassandra
![Page 8: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/8.jpg)
* Personally identifiable information * Insurance claim details * Genomics research data
* Customer profile data * Medical treatment histories * Confidential financial records * Student records * DRM data
* Social media credentials * GPS location data
Datasets Our Customers are Managing with Cassandra
![Page 9: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/9.jpg)
Why Should You Protect this Data?
![Page 10: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/10.jpg)
Breaches Hit Every Industry
![Page 11: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/11.jpg)
* The average cost of a data breach in the US is $5.5 million dollars
* In March, the U.S Department of HHS and BCBS of Tennessee settled for $1.5 million for potential HIPAA violations
• 1 million individual’s records were breached off unencrypted hard drives • Stronger HIPAA rules increase fines for non-‐compliance
Breaches are Expensive
![Page 12: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/12.jpg)
It’s the Right Thing To Do For Your Customers
Most Importantly…
![Page 13: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/13.jpg)
* “I need to protect sensitive data in my cloud” • Ensure sensiBve data and encrypBon keys are never stored
in plain text or exposed publicly • Maintain control of your encrypBon keys and your regulatory
data to ensure compliance
* “Help me secure my big data infrastructure” • Harden Big Data infrastructures that have weak security and no
cryptographic protecBon • Maintain Big Data performance and availability
What We Hear From Our Customers
![Page 14: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/14.jpg)
* “I need to maintain control of my keys” • Manage the rapid growth of key, cerBficate, token, and object
proliferaBon caused by cloud/Big Data adopBon • Consolidate IT security objects and bring them under a
consistent set of controls and policies
* “My cloud provider should not have access to my data” • Deploy mulB-‐factor authenBcaBon in the cloud • Establish and enforce robust access controls for sensiBve objects
What We Hear From Our Customers
![Page 15: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/15.jpg)
* zNcrypt™ • Provides transparent data encrypBon to secure Big Data (NoSQL and SQL open
source plaRorms) in the cloud or on premises. * zTrustee™
• A soUware only “virtual HSM” to manage and secure ANY opaque IT object. Policy-‐driven vault for securing and managing an organizaBon’s most important IT security items (cryptographic keys, tokens, cerBficates, configs, and more).
* zOps™ • A single, unified console for monitoring Gazzang acBons and their impact on the “Big Data stack”(security threats, cloud integrity, IO, performance, machine behavior and more).
The Gazzang Solution Suite
![Page 16: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/16.jpg)
zNcrypt sits between the file system and any database, application or service running on Linux to encrypt data before written to the disk. • AES-256 encryption • Process-based ACLs • Multiple encrypted mount points • Requires no changes to app,
data or storage • Enterprise scalability • Packaged support for Cassandra,
Hadoop, MongoDB, MySQL, PostgreSQL, Riak
Gazzang File Level Encryption
![Page 17: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/17.jpg)
Securing “opaque objects” with policy management and adaptive “trustee” authorization capabilities
Gazzang zTrustee™ - Controlling Authentication Objects
• Trustee votes • Time to live • Retrieval limits • Single-‐use URL • Client permissions
Trustees must approve release of objects in accordance with the deposit policy
API Library • Java • Python • C library
![Page 18: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/18.jpg)
* Install zNcrypt • Package managers (yum, apt-‐get) and Chef
* Create master encryption key • Passphrase method (opBonal “split security”) • RSA Key file method
* Create ACLs • Simple command-‐lines (ALLOW/DENY style) • Almost any process or script allowed:
• Virtually any applicaBon, process or script: Apache, Tomcat, MongoDB, MySQL, backup soUware, document management, etc
* Encrypt data • Simple command line calls, down to the file level
Ease of Deployment
![Page 19: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/19.jpg)
Chef – Opscode Community
![Page 20: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/20.jpg)
https://github.com/gazzang/cookbooks/tree/master/zncrypt
zNcrypt Cookbook Source on github
![Page 21: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/21.jpg)
* Headquartered in Austin, TX * Focused on high-performance data encryption
and key management * Specialize in securing cloud and big data
environments: Apache Cassandra and Hadoop * Serve a variety of verticals: Health care, retail,
government, education, IT
About Gazzang
![Page 22: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/22.jpg)
* Visit www.gazzang.com/csummitsf • Take our survey for a chance to win a $200 Amex • Download our “Securing Cassandra” white paper • Watch the Gazzang-‐DataStax security webinar • Stop by our booth for a chance to win a GoPro camera
* Email [email protected] to set up a demo
Thank You
![Page 23: C* Summit 2013: Lock it Up: Securing Sensitive Data by Sam Heywood](https://reader034.vdocuments.us/reader034/viewer/2022051817/548276dfb07959570c8b47c1/html5/thumbnails/23.jpg)
THANK YOU