10 Big Data Pros To Follow On Twitter

Score one for Cloudera. On Tuesday the company said it had completed a deal to buy data security company Gazzang. Cloudera wasn't bashful about its announcement, declaring itself "the most secure" Hadoop platform as a result of the move. Deal terms weren't disclosed.

Security isn't a new interest for Cloudera, but VP of products Charles Zedlewski said that in the past the company had punted a critical area to its partner ecosystem: encryption of data at rest.

"We realized that this was basically adding months to deployment processes, and our whole mission is to accelerate people's ability to take advantage of big data," Zedlewksi said in a phone interview. "It was incumbent on us to take ownership of this aspect of data security."

[Yes, you need software to orchestrate application life cycles. Here's why: 4 Reasons You Must Automate Your Cloud.]

Zedlewski noted that "traditional" data management firms such as Oracle or IBM don't ask their customers to shop elsewhere for their data security. "It's not out of the ordinary in terms of what you'd expect from your data management platform," he said.

According to Zedlewski, the buy-versus-build decision was fairly straightforward. Gazzang was already a Cloudera partner as the two firms had mutual customers, so integration questions were easier to answer; likewise, Cloudera wanted a track record, especially of passing audits in regulated industries.

Figure 1:

Cloudera's acquisition follows Hortonworks' purchase of the startup XA Secure last month. The trend was probably preordained. Information security has never been a hotter topic or a more pressing concern for corporations -- not even the CEO is safe after a serious breach. As big data gets, well, bigger -- and it will, thanks to the Internet of Things and other factors -- so does the potential attack surface and resulting data losses. Data security means more than protecting credit card numbers.

"It's no surprise to find that a large number of our customers want to work with sensitive data," Zedlewski said. "In fact, a high fraction of our customer base comes from industries that have all kinds of internal rules around data

Next Page

protection, or they're in industries that are regulated like financial services, healthcare, and retail."

As InformationWeek's Doug Henschen noted last month, the open-source Hadoop platform already includes several security features, such as Kerberos authentication. But the new security push by commercial vendors such as Cloudera and Hortonworks appears to address one of the barriers to enterprise Hadoop adoption by offering an A-to-Z approach to big data security. Cloudera, for instance, touted the Gazzang addition as a win for would-be Hadoop users burdened by compliance concerns, thanks to its combination of at-rest data encryption and key management features for keeping encryption keys separate from encrypted data, a necessary step for regulations such as HIPAA and PCI.

Zedlewski said that, to date, many of the company's regulated customers have kept their regulated data out of Cloudera's systems because of compliance concerns. "That regulated data might not be a petabyte of data, but it's oftentimes the most valuable data, and it's the data you need to unlock a lot of the analyses or applications that they're building," he said. "It's really about growing the value of the deployment as a whole by trusting the system to hold the regulated data."

Information security's not just a regulatory compliance concern, not by a long shot, and that's another factor in growing interest not just in big data but in secure big data. Marketing departments, for instance, must consider the long-term fallout of a potential breach, even if they're not necessarily bound by government agencies or other rules.

"In this world of big data, people are ever more concerned about privacy and how all this data and people are being tracked and how that can be misused," Zedlewski said. "A lot of the non-regulated industries have created internal policies that are effectively like regulations, that have the same requirements for data protection. While there's tremendous potential in big data, it also represents a big opportunity for reputation risk."

You can use distributed databases without putting your company's crown jewels at risk. Here's how. Also in the Data Scatter issue of InformationWeek: A wild-card team member with a different skill set can help provide an outside perspective that might turn big data into business innovation. (Free registration required.)