12/10/2013 | 1 | ©2013 Ciber, Inc.
Open Source Conference 2013
NSA Scandal
Nine critical threats to cloud security
1. Data breaches
2. Data loss
3. Account Hijacking
4. Insecure APIs
5. Denial of Service
6. Malicious Insiders
7. Abuse of Cloud Services
8. Insufficient Due Diligence
9. Shared Technology Issues
Source: http://www.cloudsecurityalliance.org/topthreats
Data breaches
• Competitive data falls into the hands of competitors.
Client Case
Use case: How to secure access and monitor the use of my Big Data resources
Challenges:
• Heterogeneous landscape with multiple data sources
• No single source for authorization
• Authorization required on row and field level
What to do?
• Define security strategy
• Define security authorization rules
• Implement security authorization rules
• Monitor and analyze authorization information
DATA VIRTUALIZATION
Our solution
What is data virtualization?
• New views on your existing data!
• Real-time transformation of data
• Accessible as common database
• No data replication or duplication
Generic solution architecture
[Diagram labels: IBM Netezza, Greenplum, Teradata, Mondrian, MS Excel, MS Access, XML files, Google spreadsheets, flat files, JBoss Data Grid, Legacy, Web services, REST, OData, Oracle, MS SQL Server, IBM DB2, Hive, MongoDB, etc.]
What should be secured?
• Access
– Encrypted storage and transport
– Integrated with corporate identity management
• Information model
– Read & write access to views, tables and columns
– Execute permission of procedures
• Data
– Restrict access to data based on criteria
• Monitoring usage and auditing
– Log user access and data usage
– Enable monitoring and usage analysis with dashboards
Solution architecture from a technical perspective
[Architecture diagram labels: Authentication; Red Hat JBoss Data Virtualization (JBoss DV); JBoss EAP + DV; VDB; Authorization; Auditing; Logging; Formatting; Adapters; Data API Interface: OData (XML / JSON / ATOM), Web services (Http/SOAP, XML), JDBC (SQL); Web browser UI access (Https); Secure SQL Access for Business Applications and Reporting; Administration UI; Dashboard; Async JMS Queue; Data warehouse: IBM Netezza; Log storage: IBM Netezza; Directory server: Novell eDirectory (LDAP).]
What and how to secure?
Example employee view model
Model authorization: Only updatable by supervisor
Filter criteria: Supervisor may only see own employees
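A sketch of how the two rules above could be written as a data role in a JBoss DV (Teiid) `vdb.xml`. This is an added example, not taken from the presentation; the VDB, model, view, column and group names are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. VDB, model, view, column and group names are assumptions. -->
<vdb name="HR" version="1">

  <!-- Source and view model definitions for EmployeeView.Employee go here. -->

  <!-- Once a VDB declares data roles, access to its models is denied
       unless a role grants it. -->
  <data-role name="supervisor" any-authenticated="false">
    <description>Supervisors read and update only their own employees</description>

    <permission>
      <resource-name>EmployeeView.Employee</resource-name>
      <allow-read>true</allow-read>
      <!-- Model authorization: only this role is granted update -->
      <allow-update>true</allow-update>
      <!-- Filter criteria: row-level condition applied to every query on the view.
           Assumes supervisor_id stores the login name returned by user(). -->
      <condition>supervisor_id = user()</condition>
    </permission>

    <!-- Group from the directory server (LDAP) that maps to this role -->
    <mapped-role-name>supervisors</mapped-role-name>
  </data-role>
</vdb>
```

Because the condition is enforced in the virtualization layer, it applies to every client of the view, whether it connects through JDBC, OData or web services.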
Other use-cases for Data Virtualization
• Real time integrated views on production data instead of data warehouse
• Access to legacy data
• Abstract data consumers from producers
• Ease migration of applications
Takeaway points
• Think from the start about how you want to implement your security, and build it into your design
• Red Hat JBoss Data Virtualization 6 can help you and can do more!