Centrify Corporation, the leader in unified identity management across cloud, mobile and data centre, today announced the industry’s first privileged identity management solution for Apache Hadoop-based big data infrastructures, as well as partnerships with industry-leading big data vendors Cloudera, Hortonworks and MapR Technologies. With today’s release of Centrify Server Suite 2015, organisations can now leverage their existing Active Directory infrastructure to control access, manage privilege, address auditing requirements, and secure machine-to-machine communication with and across their Hadoop clusters, nodes and services.
The global Hadoop market, powered by the rise in demand for big data analytics, is forecast to grow from $2 billion in 2013 to a staggering $50.2 billion by 2020, according to Allied Market Research. Hadoop clusters often contain sensitive personally identifiable information (PII) and other highly regulated data, so auditing and controlling user and administrator access to Hadoop and its underlying server infrastructure is critical to address both security and compliance requirements for regulations such as SOX, PCI and HIPAA. In addition, Hadoop deployments often introduce duplicate identity silos or have limitations in their support for complex Active Directory environments that can increase both risk and additional costs by not letting organisations seamlessly leverage their existing identity infrastructure and skillsets.
According to Gartner, “With the advent of major compliance mandates, ongoing concerns about application and data security, it is apparent that sensitive data in Hadoop must be protected as well as sensitive data in traditional databases. With the advent of Hadoop 2.0 — and the expanded, real-time applications — the likelihood of sharing data among many users and applications rather than isolating each application, as was often the case in the first generation, increases security exposures. Monitoring and auditing: One aspect of ensuring that information isn’t leaking, that changes to cluster are authorised, and that transformations and queries can be traced back to the originating, accountable users of applications and data.”1
Centrify has built new features and compatibility enhancements in the areas of Kerberos network authentication, service account management, and Active Directory and Hadoop interoperability into Centrify Server Suite 2015 to address these concerns and extend the security capabilities provided by the Hadoop platform vendors to now offer robust privilege management for Hadoop environments. This approach also simplifies and streamlines Hadoop deployments by allowing organisations to utilise existing identity management skillsets. In addition, to ensure compatibility as well as vendor collaboration when it comes to technical support, Centrify has built comprehensive integration guides and received product certifications from each of the major Hadoop providers.
“Over the past year or so we have had dozens of our enterprise customers begin to embark on their big data journey, and in doing so they saw immediate significant value in their Centrify identity management solution being applied to their new Hadoop deployments,” said Bill Mann, Chief Product Officer of Centrify. “These customers encouraged us to optimise our solution for Hadoop, which we gladly did, and by collaborating with them and the major Hadoop vendors, over the past year we have built in important Hadoop-specific enhancements which have culminated in the shipment of Centrify Server Suite 2015.”
Benefits of the Centrify Server Suite — the industry’s most widely deployed solution for securing identity on Linux- and Windows-based servers and applications — for Hadoop and big data environments include:
1. Simple and secure access to Hadoop environments. Centrify makes it simple to run Hadoop in secure mode by leveraging existing identity management infrastructure — Active Directory — without the hassle of introducing alternative solutions that do not scale and are not enterprise ready. Centrify Server Suite also saves money by letting organisations leverage existing skillsets within the enterprise.
2. Single sign-on (SSO) for IT administrators and big data users. By extending the power of Active Directory’s Kerberos and LDAP capabilities to Hadoop clusters, Centrify Server Suite lets organisations leverage existing Active Directory-based authentication for Hadoop administrators and end users. New SSO functionality in big data environments makes users more productive and secure by allowing them to log in as themselves, rather than sharing privileged accounts.
3. Secure machine-to-machine communications. Centrify Server Suite automates Hadoop service account management. By automating machine-to-machine credential management, Centrify secures not only user identity but also system and service account identity.
4. Reduced identity-related risks and greater regulatory compliance. The reality is that Hadoop environments store most if not all of an organisation’s most important data. Centrify Server Suite tracks user activity and associates it with an individual in Active Directory, thereby making data more secure. Centrify also reports on who did what across Hadoop clusters, nodes and services. And, by enforcing access controls and least-privilege security across Hadoop, Centrify delivers cost-effective compliance through combined access and activity reporting.
5. Certified solution for superior compatibility and support. Centrify has worked closely with the major Hadoop platform vendors and has received product certification from Cloudera, Hortonworks and MapR. This ensures product compatibility and technical support collaboration between customers, their Hadoop vendor and Centrify.
About Centrify
For more information, please visit http://www.centrify.com/.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.