Chapter 1. Hadoop Security Features

For organizations that store sensitive data in the Hadoop ecosystem, such as proprietary or personal data that is subject to regulatory compliance (HIPAA, PCI DSS, FISMA, etc.), security is essential. Many organizations also have to adhere to strict internal security policies.

The Hortonworks Data Platform provides a comprehensive approach to security in the following key areas:

  • Perimeter security: HDP enables isolation of the Hadoop cluster using a gateway and properly configured firewall rules. HDP supports the following perimeter security:

  • Authentication: HDP provides a single authentication point for services and users that integrates with existing enterprise identity and access management systems. HDP supports the following authentication services:

    • Kerberos

    • LDAP

    • Local Unix System

    • SSO (at the perimeter through Apache Knox Gateway)

  • Authorization (Access Control): HDP provides features that allow system administrators to control access to Hadoop data using role-based authorization. HDP supports the following authorization models:

    • Fine-grained access control for data stored in HDFS

    • Resource-level access control for YARN

    • Coarse-grained service-level access control for MapReduce operations

    • Table and column family level access control for HBase data, and extended ACLs for cell level control with Accumulo.

    • Table level access control for Apache Hive data sets

  • Accounting (Security auditing and monitoring): HDP allows you to track Hadoop activity using Native Auditing (audit logs), perimeter security audit logs on the Knox Gateway, and, from a central location, the HDP Security Administration console. Tracked activity includes:

    • Access requests

    • Data processing operations

    • Data changes

  • Data Protection: HDP provides the mechanisms for encrypting data in flight, and requires the use of partner solutions for encrypting data at rest, data discovery, and data masking. HDP supports the following wire encryption methods:
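The Accounting bullet above refers to Native Auditing: the HDFS NameNode writes one line per operation to its audit log (hdfs-audit.log), recording whether the request was allowed, the user, the client address, the command and the path. The following is an added example, not code from the original page or from HDP, that parses such lines, sorts them into the access-request and data-change categories listed above, and counts denied operations per user; the sample lines are constructed in the documented key=value format.

```python
import re
from collections import Counter

# Constructed sample lines in the HDFS NameNode audit log format (not from the page).
# Fields after the "FSNamesystem.audit:" prefix are tab-separated key=value pairs.
SAMPLE_AUDIT_LINES = """\
2015-03-02 14:01:05,117 INFO FSNamesystem.audit: allowed=true\tugi=alice (auth:KERBEROS)\tip=/10.1.2.3\tcmd=open\tsrc=/data/pii/customers.csv\tdst=null\tperm=null\tproto=rpc
2015-03-02 14:01:06,402 INFO FSNamesystem.audit: allowed=false\tugi=bob (auth:KERBEROS)\tip=/10.1.2.9\tcmd=open\tsrc=/data/pii/customers.csv\tdst=null\tperm=null\tproto=rpc
2015-03-02 14:01:07,010 INFO FSNamesystem.audit: allowed=true\tugi=etl (auth:KERBEROS)\tip=/10.1.2.20\tcmd=rename\tsrc=/staging/batch1\tdst=/data/batch1\tperm=etl:hadoop:rwxr-x---\tproto=rpc
2015-03-02 14:01:08,220 INFO FSNamesystem.audit: allowed=false\tugi=bob (auth:KERBEROS)\tip=/10.1.2.9\tcmd=delete\tsrc=/data/pii\tdst=null\tperm=null\tproto=rpc
2015-03-02 14:01:09,001 INFO FSNamesystem.audit: allowed=true\tugi=alice (auth:KERBEROS)\tip=/10.1.2.3\tcmd=listStatus\tsrc=/data\tdst=null\tperm=null\tproto=rpc
"""

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) INFO FSNamesystem\.audit: (?P<fields>.*)$")

# Commands that read metadata or content (access requests) vs. commands that change data.
ACCESS_CMDS = {"open", "getfileinfo", "listStatus", "contentSummary"}
CHANGE_CMDS = {"create", "delete", "rename", "mkdirs", "append",
               "setPermission", "setOwner", "setAcl", "setReplication"}


def parse_audit_line(line):
    """Return a dict of audit fields for one log line, or None if it is not an audit line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split("\t") if "=" in kv)
    fields["ts"] = m.group("ts")
    fields["allowed"] = fields.get("allowed") == "true"
    # "ugi=alice (auth:KERBEROS)" -> user name is the first token
    fields["user"] = fields.get("ugi", "").split(" ", 1)[0]
    return fields


def classify(cmd):
    """Map a NameNode command to the activity category used in the chapter's list."""
    if cmd in CHANGE_CMDS:
        return "data change"
    if cmd in ACCESS_CMDS:
        return "access request"
    return "other"


def summarize(log_text):
    """Count audit events per activity category."""
    summary = Counter()
    for line in log_text.splitlines():
        ev = parse_audit_line(line)
        if ev:
            summary[classify(ev["cmd"])] += 1
    return summary


def denied_by_user(log_text):
    """Count denied operations per user; repeated denials against one path warrant review."""
    counts = Counter()
    for line in log_text.splitlines():
        ev = parse_audit_line(line)
        if ev and not ev["allowed"]:
            counts[ev["user"]] += 1
    return counts
```

Run the two functions over the live hdfs-audit.log and the same logic applies unchanged; the category sets are a starting point and should be extended with the commands your workloads actually issue.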
