Posts Tagged ‘Data Protection’

Data Security: Are You Taking It For Granted?

Keith Manthey

CTO of Analytics at EMC Emerging Technologies Division


Despite the fact that the Wells Fargo fake account scandal first broke in September, the banking giant still finds itself the topic of national news headlines and facing public scrutiny months later. While it’s easy to assign blame, whether to the now-retired CEO, the company’s unrealistic sales goals and so forth, let’s take a moment to discuss a potential solution for Wells Fargo and its enterprise peers. I’m talking about data security and governance.

There’s no question that the data security and governance space is still evolving and maturing. Currently, the weakest link in the Hadoop ecosystem is masking of data. As it stands at most enterprises using Hadoop, access to the Hadoop space translates to uncensored access to information that can be highly sensitive. Fortunately, there are some initiatives to change that. Hortonworks recently released Ranger 2.5, which starts to add allocated masking. Shockingly enough, I can count on one hand the number of clients that understand they need this feature. In some cases, CIO- and CTO-level executives aren’t even aware of just how critical configurable row and column masking capabilities are to the security of their data.

Another aspect I find to be shocking is the lack of controls around data governance in many enterprises. Without data restrictions, it’s all too easy to envision Wells Fargo’s situation – which resulted in 5,300 employees being fired – repeating itself at other financial institutions. It’s also important to point out entering unmasked sensitive and confidential healthcare and financial data into a Hadoop system is not only an unwise and negligent practice; it’s a direct violation of mandated security and compliance regulations.

Identifying the Problem and Best Practices

sc3From enterprise systems administrators to C-suite executives, both groups are guilty of taking data security for granted, and assuming that masking and encryption capabilities are guaranteed by default of having a database. These executives are failing to do their research, dig into the weeds and ask the more complex questions, often times due to a professional background that focused on analytics or IT rather than governance. Unless an executive’s background includes building data systems or setting up controls and governance around these types of systems, he/she may not know the right questions to ask.

Another common mistake is not strictly controlling access to sensitive data, putting it at risk of theft and loss. Should customer service representatives be able to pull every file in the system? Probably not. Even IT administrators’ access should be restricted to the specific actions and commands required to perform their jobs. Encryption provides some file level protections from unauthorized users.  Authorized users who have the permission to unlock an encrypted file can often look at fields that aren’t required for their job.

As more enterprises adopt Hadoop and other similar systems, they should consider the following:

Do your due diligence. When meeting with customers, I can tell they’ve done their homework if they ask questions about more than the “buzz words” around Hadoop. These questions alone indicate they’re not simply regurgitating a sales pitch and have researched how to protect their environment. Be discerning and don’t assume the solution you’re purchasing off the shelf contains everything you need. Accepting what the salesperson has to say at face value, without probing further, is reckless and could lead to an organization earning a very damaging and costly security scandal.

Accept there are gaps. Frequently, we engage with clients who are confident they have the most robust security and data governance available.
sc4However, when we start to poke and prod a bit more to understand what other controls they have in place, the astonishing answer is zero. Lest we forget that “Core” Hadoop only obtained security in 2015 without third-party add-ons, the governance around the software framework is still in its infancy stage in many ways. Without something as inherently rudimentary in traditional IT security as a firewall in place, it’s difficult for enterprises to claim they are secure.

Have an independent plan. Before purchasing Hadoop or a similar platform, map out your exact business requirements, consider what controls your business needs and determine whether or not the product meets each of them. Research regulatory compliance standards to select the most secure configuration of your Hadoop environment and the tools you will need to supplement it.

To conclude, here is a seven-question checklist enterprises should be able to answer about their Hadoop ecosystem:

  • Do you know what’s in your Hadoop?
  • Is it meeting your business goals?
  • Do you really have the controls in place that you need to enable your business?
  • Do you have the governance?
  • Where are your gaps and how are you protecting them?
  • What are your augmented controls and supplemental procedures?
  • Have you reviewed the information the salesperson shared and mapped it to your actual business requirements to decide what you need?

Breakfast with ECS: Most Wanted Cloud Storage Feature Series – Part 4: Enterprise Class

Diana Gao

Senior Product Marketing Manager at EMC² ECS

Welcome to another edition of Breakfast with ECS, a series where we take a look at issues related to cloud storage and ECS (Elastic Cloud Storage), EMC’s cloud-scale object storage platform.

Hello folks!

Welcome back to ECS feature series!Breakfast with ECS Enterprise

In the previous blog of this series, we discussed ECS’ smart capabilities. In this blog, we’ll discuss how ECS is built to serve the needs of enterprises.

When selecting a cloud storage vendor, enterprises have many questions: Is this cloud built for scale? Is it secure? Is it able to handle the different business applications needed for long term business growth? Will it simplify my operational management? We at EMC were thinking these exact things when we introduced ECS.  How can ECS improve your data privacy, manageability and operation efficiency?

Watch the video below and find out the answers.

ECS is enterprise-grade yet has incredibly low storage overhead, and is capable of storing nearly 4 PB of data in a single rack. Stay tuned for the next blog discussing more about ECS’ economical capabilities. Yes! You don’t want to miss it.

Additional resources:

Why you want a Witness to Disaster Recovery

Bob Williamsen

Sr. Business Development Manager at EMC

Latest posts by Bob Williamsen (see all)

How to protect data and be prepared to survive a disaster is a big topic to cover. Obviously data protection has a lot of components—ranging from hardware capabilities, algorithms used by the system to protect data and ensure integrity, and concerns like backup and replication strategies. In this note let’s mercifully contain this discussion to what is arguably one of the most important topics – surviving a disaster with minimal disruption to your business.

Disaster Recovery, DR, is a necessary consideration when designing robust enterprise solutions. By definition, DR always implies physical distance between the systems involved in the design. Isilon supports data replication over distance and the components of an Isilon DR solution include:

  1. Application Servers
  2. LAN connecting the application servers to the Isilon storage
  3. Isilon cluster at the production data center
  4. Isilon cluster at the DR data center
  5. A WAN connecting the two data centers
  6. Isilon SyncIQ for data replication


Ok, now the data is automatically replicated—but what happens in the event of a DR fail-over?  It requires manual intervention or scripts to make the data on the DR site available to users and applications. What is missing is a way to orchestrate and automate the fail-over process so that the business magically recovers from the loss of the primary site.


EMC Data Protection Advisor For As-A-Service Cloud Environments

What can you do to ensure data protection as you move to cloud?

Services-based storage, infrastructure, and data protection trends and technologies are recurring topics in this blog. Awhile back I wrote a post about enabling data protection as-a-service discussing the need for centralized management at cloud-scale, multiple service rates based on customer data protection needs or usage, and historical data for analysis and trending. The reality is that you can only get so far with legacy products built for physical environments. At some point, management tools, like the data center environments they support, need to be remade to the requirements of the day. Effective data protection solutions are no exception.

Data protection needs are more acute for as-a-service cloud models and require new approaches. Now, with the release of EMC Data Protection Advisor 6.0, I would like to share what it means to augment a successful data protection solution and extend it with a new distributed architecture and analysis engine to cloud deployments, without losing any usability benefits (i.e. without making it complex). (more…)

Enabling Data Protection As A Service

When does data protection become a money-maker?

Data protection has long been thought of as somewhat of a necessary evil like life insurance. Throw money at the possibility that something will go wrong and pray that it never does. However, with cloud computing models and the concept of IT-as-a-service, data protection can now contribute directly to the value of the data center as well as to the bottom line.

Most organizations use numerous technologies to protect application data across primary, replica, and backup storage, as well as archive systems.  Trying to manage a mixed data storage environment without an effective data protection management strategy makes applying a uniform chargeback to these systems almost impossible. 

As IT transitions to a fully operational private cloud, effective ways to measure and meter data protection services across the environment need to be put into place. Data center managers need mechanisms to differentiate between service levels offered to the organization, and to justify and apply chargeback to business units.


Data Center Watch: Know Your Virtual Applications Are Protected

There is an interesting phenomenon going on in the data center today.

As more and more mission-critical applications move into production virtual environments, backup administrators are spending a lot more time ensuring data is truly protected.  

Understandably, the overall focus in the data center is on the internal customer, standing-up applications and services to end-users in minimal time, and ensuring service-levels.

But, how do you protect your virtual applications?

What you need is data protection for backup and recovery that is automated and standardized and just as efficient as your server and storage deployments for service delivery.




Connect with us on Twitter