12/10/2013 | 1 | ©2013 Ciber, Inc.

Open Source Conference 2013

12/10/2013 | 2 | ©2013 Ciber, Inc.

NSA Scandal

12/10/2013 | 3 | ©2013 Ciber, Inc.

12/10/2013 | 4 | ©2013 Ciber, Inc.

Nine critical threats to cloud security1. Data breaches

2. Data lost

3. Account Hijacking

4. Insecure APIs

5. Denial of Service

6. Malicious Insiders

7. Abuse of Cloud Services

8. Insufficient Due Diligence

9. Shared Technology Issues

Source: http://www.cloudsecurityalliance.org/topthreats

12/10/2013 | 5 | ©2013 Ciber, Inc.

Data breaches

• Competitive data falls in the hands of the competitors.

12/10/2013 | 6 | ©2013 Ciber, Inc.

Client Case

Use case: How to secure access and monitor the use of my Big Data resources

Challenges:

• Heterogeneous landscape with multiple data sources

• No single source for authorization

• Authorization required on row and field level

12/10/2013 | 7 | ©2013 Ciber, Inc.

What to do?

• Define security strategy

• Define security authorization rules

• Implement security authorization rules

• Monitor and analyze authorization information

12/10/2013 | 8 | ©2013 Ciber, Inc.

DATA VIRTUALIZATION

Our solution

12/10/2013 | 9 | ©2013 Ciber, Inc.

What is data virtualization?

• New views on your existing data!

• Real-time transformation of data

• Accessible as common database

• No data replication or duplication

12/10/2013 | 10 | ©2013 Ciber, Inc.

Generic solution architecture

IBM Netezza

Greenplum

Terradata

Mondrian

MS Excel

MS Access

XML Files

Google spreadsheets

Flat files

JBoss DatagridLegacy

Web services

REST

OData

Oracle

MS SQL Server

IBM DB2

Etc.

Hive

MongoDB

12/10/2013 | 11 | ©2013 Ciber, Inc.

What should be secured?

• Access– Encrypted storage and transport

– Integrated with corporate identity management

• Information model– Read & write access to views, tables and columns

– Execute permission of procedures

• Data– Restrict access to data based on criteria

• Monitoring usage and auditing– Log user access and data usage

– Enable monitoring and usage analysis with dashboards

12/10/2013 | 12 | ©2013 Ciber, Inc.

Solution architecture from a technical perspective

A

U

T

H

E

N

T

I

C

A

T

I

O

N

JBoss DV

Red Hat JBoss Data Virtualization (DV)

Logging

Data warehouseIBM Netezza

AuditingAuthorizationVDB

Log storageIBM Netezza

OData (XML / JSON / ATOM)

Web services (Http/SOAP, XML)

Data API Interface

JDBC (SQL)

JBoss EAP + DV

Webbrowser UI access

(Https)

Secure SQL Access for

Business Applications and

Reporting

JDB

C

SQ

L

JDB

C

SQ

L

Asy

nc

JMS

Qu

eu

e

Asy

nc

JMS

Qu

eu

e

Formatting

JDBC (SQL)

Administration UI

Adapters

Dashboard

Directory serverNovell eDirectory

LDA

P

12/10/2013 | 13 | ©2013 Ciber, Inc.

What and how to secure?

Example employee view model

12/10/2013 | 14 | ©2013 Ciber, Inc.

What and how to secure?

Example employee view model Model authorization:

Only updatable by supervisor

12/10/2013 | 15 | ©2013 Ciber, Inc.

What and how to secure?

Example employee view model

Filter criteria:

Supervisor may only

see own employees

12/10/2013 | 16 | ©2013 Ciber, Inc.

Other use-cases for Data Virtualization

• Real time integrated views on production data instead of data warehouse

• Access to legacy data

• Abstract data consumers from producers

• Ease migration of applications

12/10/2013 | 17 | ©2013 Ciber, Inc.

Takeaway points

• Think from the start how you want to implement your security and build it in your design

• Red Hat JBoss Data Virtualization 6 can help you and can do more!

12/10/2013 | 18 | ©2013 Ciber, Inc.