1 ©HortonworksInc.2011– 2016.AllRightsReserved

RoundTableDiscussion

CustomerAdvisoryBoardJune2017

Security&GovernanceSession#1:Merck,ING,Clearsense,Charter,HCSCSession#2:Discover,Universal,Expedia,Honeywell,SunLife,Geisinger,Bloomberg

2 ©HortonworksInc.2011– 2016.AllRightsReserved

Agenda

à Security- FocusAreas&Roadmap

à Governance- FocusAreas&Roadmap

à What’sworking?Wherearethegaps?

à Top3itemstomakesecurity&governancelesspainfulforyourenterprise?

à Whatyouwouldliketoseeimprovedinthenext6-12months(wishlist)?

3 ©HortonworksInc.2011– 2016.AllRightsReserved

Security– Ranger,Knox,&Platform

4 ©HortonworksInc.2011– 2016.AllRightsReserved

RoadmapAtAGlance- Security

SecurityFocusinHDPHDP2.5 HDP2.6 HDP3.0&Beyond

Ranger

• Classification(tag)basedsecurity(ABAC)

• DynamicColumnMasking• RowFiltering• KMSHSMIntegration

(Safenet)• LDAPImprovements• AuditScalability• ReportsPageImprovements

• Policyscalability• EnhancedPolicyconstructs(macros)• Policyexport/import• IncrementalLDAPsync• Pluginpolicyversioninfo• Hiveshow/describecolumns

authorization• SmartSense Metrics

• SharedServicesforCloud(Multi-cluster/multi-tenantsupport)

• KMIPKMSsupport• MonitoringandDynamicBlock• ProcesslevelACLsforSpark• SupportDataPlaneandDLM

capabilities• Policy prioritization

Knox

• KnoxSSOframework• KnoxSSOforAmbari/Ranger

UIs• ComponentHAsupport

• PAMauthenticationsupport• Hadoopuser-groupmappingsupport• BasicKnoxUI(preview)• Knoxsupportforwebsockets (for

Zeppelinsupport)• KnoxsupportforSOLRRESTAPI

• ExtendKnoxSSOtoHDPWebUIs• Spark,Zeppelin,&Livysupport• KnoxClientImprovementsfor

ScriptingandDevelopment• Multi-factorauth.support• KnoxUIformanagingtopologies

PlatformSecurity

• SourceCodesecurityscans &remediation

• SourceCode&WebAppPenTesting&Certification

Current

5 ©HortonworksInc.2011– 2016.AllRightsReserved

Governance- Atlas

6 ©HortonworksInc.2011– 2016.AllRightsReserved

RoadmapAtAGlance- GovernanceGovernanceFocusinHDP

HDP2.5 HDP2.6 HDP3.0&Beyond

Cloud• SharedEnterpriseServicesfor

Governance(backendonly)• SharedEnterpriseServicesforGovernance

(Multi-clustersupport)

Integrations

• Storm/Kafka, Falcon,Sqoophooks

• Highavailabilitysupport• LDAPAuthentication• Classificationbased

securityforHive• RangerAuthorization

• Tag-basedpolicysupportforHDFS,Kafka,Hbase

• KnoxSSOforAtlasUI

• SupportDataPlaneandDLMcapabilities• Sparkjoblineageandmetadataextraction• NiFi support– Lineageandmetadata• Hbase,HDFShooks

Core&Consumability

• BusinessCatalog(TechPreview)

• New UserExperience• Highavailabilitysupport

• APIrevamp– Swaggerized docs!• SimplifiedBasicSearchUI• Manualentitycreation(HDFS,

Hbase,Kafka,customtypesetc.)• Performanceandscalability

improvements• SmartSense Metrics

• Columnlevellineage• TagPropagation• Annotation&Collaboration• ImprovedLineage&ImpactUI(Search/Filtering)• Export/ImportofAtlaslineageandmetadata• QueryBuilder&StreamlinedSearch• BusinessGlossary/EnterpriseCatalog

Current

7 ©HortonworksInc.2011– 2016.AllRightsReserved

Discussion

8 ©HortonworksInc.2011– 2016.AllRightsReserved

RoundtableQuestions

1. AreyoufamiliarwithHDP2.6Securityfeatures? Hasyourorganizationpilotedordeployedanyofthem?

2. WhatareyourexperienceswiththeHDPsecuritystack?Whatpartsofoursecuritystackdoyouuse(Kerberos,Knox,Ranger, ..)andwhatdoyouplantouseinthenearfuture?

3. Whatarechallengesyouseewithyourenterprisedatasecurity?Specificpainpointswouldbehelpful.

4. Otherfeatures/roadmapitemsthatwouldhelparoundsecuritysetupandadministration?

5. Whoaretheusersofsecurityadmincomponentsinyourorganization?WhichgroupsareresponsibleformanagingsecurityinterfacesinHadoopstack?

6. Doyouhavecloud/hybriddeploymentsyouareconsideringinyournearterm(3-6month)horizon?Whatspecificsecuritychallengesdoyouforeseewiththecloud/hybridenvironments?

7. OtherthanGDPRareyouawareofanymajorregulations/standardsthatwillinfluencesecuritywithinyourbigdataenvironmentsinthenearterm?

Security

9 ©HortonworksInc.2011– 2016.AllRightsReserved

RoundtableQuestions

1. HowfamiliarareyouwithAtlasandHDPgovernancecapabilities?

2. Whatsystemsdoyouusecurrentlyasacatalogformetadata?

3. Doyouusedataclassification,metadatadiscoveryandmanagementanddataprofilingcurrently?Ifso,whichspecifictools?

4. Howimportantishavingabusinesscatalogortaxonomyforyourgovernancefunction?

5. IffamiliarwithAtlas,whatfeatures/roadmapitemswouldyouconsiderasbarrierstoadoptiontorolloutAtlasacrossyourenterprises?

6. Whattoolswouldyouliketoseeintegrated/certifiedwithAtlasecosystem?

7. IfyouhavedeployedAtlasalreadyinproductionorintheprocessofrollingitoutenterprisewide,whoaretheusersofAtlasandwhatskillsdotheycurrentlypossess?Arethereanyskillsgapsthatweshouldconsiderbridgingwithtoolcapabilitiesaswelookahead?

Governance

10 ©HortonworksInc.2011– 2016.AllRightsReserved

RoundtableResponses

1. Geisinger inHDP2.6,majorityon2.5

2. Adoption:Kerberos(12/12),Ranger(10/12),Knox(4/12),resthaveplanstodeployRangerorKnoxinthenext3months.6/12arealreadyusingHDPonAWSorAzureorhaveplanstodeploythere

3. 4/12customershadAtlas

4. Challenges:1. Multi-platformdataconsolidation2. Flexibleaccesscontrol3. ProtectiononOnboarding4. Openmetadatastandardsandgovernanceprocess5. Metadatafederation6. KerberosisaHUGEpainpointstill(evenwithAmbarimanagedenvrionments)

11 ©HortonworksInc.2011– 2016.AllRightsReserved

Readout

12 ©HortonworksInc.2011– 2016.AllRightsReserved

Whatare3concreteitemsthatcanmakesecurity&governancelesspainfulforyourenterprise?

PainPoint Comments

Security#1:Multi-tenancy,Multi-factorAuth

Security#2:“WhatIf”modeorpolicyenforcementimpact

Security#3:SSOwithOAuthsupport

Governance#1:DataDiscovery

Governance#2:DataQualityandProfiling

Governance#3:Metadataintegrationsandopenmetadataexchange

13 ©HortonworksInc.2011– 2016.AllRightsReserved

ThankYou!