Next week you can get a rare chance to chat with the Chief Architect of a new Big Data application - one with the power to disrupt a trillion-dollar industry. Gazzang will host an "Ask the Architect" presentation with Robert Stewart of Castlight Health, who will share:
It's not every day you get to compare notes with a peer who is running Big Data in production. Even more intriguing is getting the chance to talk with a leader who is making real waves in the marketplace, because Castlight Health is bringing pricing and quality transparency to healthcare, boldly going where no one has gone before.
Join us Wednesday, December 11th at 11am CST. Space is limited, so register for this complimentary "Ask the Architect" presentation today.
90% of Gazzang implementations take 2 hours or less. But there are skeptics out there who still say encryption is too much of a hassle. If you’re that kind of skeptic, this post is for you.
I pulled aside Ross McDonald, a Gazzang Implementation Engineer, to give me a detailed explanation of what you see and hear during the encryption of your data.
A: It turns out that a lot of people procrastinate when it comes to security. We get it; the focus is on “can we develop these capabilities?” right up until you can. Then the focus becomes “can we really launch this by [insert rapidly-approaching date]??” And you hear “not without securing the data.”
So we often get phone calls requesting a quick-turn installation. One of the state-managed Affordable Care Act exchanges came to us just a few days before their launch and it wasn’t a problem. A typical implementation takes less than 2 hours, start-to-finish. I’ve had days when we’ve encrypted more than 150 volumes at a time. Another support engineer here at Gazzang had a day recently where he implemented 4 different customers back-to-back; he was pretty tired at the end, but he could definitely do it again.
A: (laughing) Sure. Well we typically block off 2 hours for each installation just to be safe. The installation itself usually takes place over a phone call, usually between myself and a few technical contacts from the customer-side. Installations, in general, rarely take 2 hours to complete (though this can vary depending on the size of the encrypted data), and more often than not (assuming we’re not doing anything too crazy) we’re done in 30 minutes.
A: Well, we actually only need a system administrator that has root access to the box we’re deploying on. Sometimes a DBA or project manager sits in just to make sure things run smoothly. Every now and then someone from IT security or business will sit in as well. If it’s a new project with a partner, like Cloudera, sometimes one of their representatives sits in too. But honestly, it’s typically just a one-person job from the customer’s perspective.
A: I take a few minutes - like 5 - to look at the customer environment and double check for any red flags (being on a very old kernel version, incompatible hypervisors, etc.). Once I’ve been able to look at the environment, I customize our installation scripts based on what I see, then I’ll send a copy to the customer for them to execute.
A: No, sorry, I should have said we’re screen-sharing, so they see the script as I’m customizing it. It’s very much like pair-programming...two sets of eyes and all that. We want them to know what we’re doing at all times. They can even take the script and modify it to meet their set of criteria if they need to (most don’t).
Once it’s done, I’ll send them a link to their customized script (either through AWS S3 or another publicly available location). That way they have it if they ever need to rebuild a machine or deploy on more servers.
A: About 10 seconds. We’ve debated creating binaries instead of scripts to pass along to the customer, but that makes a lot of people nervous. We like to keep it in an easy-to-read and easy-to-modify format that most techies understand. That way they can go and reuse what’s important to them and throw away the rest.
A: We run the script (which installs the software). Sometimes they do it themselves, and sometimes they give me control and I do it. It reads out as it goes through the next few steps automatically.
A: For an online deployment, the installation is done after about 2 minutes. Then after another 1 minute, it’s done registering with the key server.
A: Well, at the moment, the only key server you can use with zNcrypt (Gazzang’s encryption utility) is the zTrustee Universal Key Store. But we have done several engagements where the root of trust is left with another vendor’s Hardware Security Module (HSM), which is typically required for legacy reasons. zTrustee itself is extremely lightweight and easy to install, though, so most customers choose that - which takes about 10 minutes.
A: Ha! Well I’d plan on a few hours if you have a very large data set (1TB+) or cluster. But our zNcrypt 3.3 release that came out last week does the initial encryption faster than before… so it just keeps getting faster.
A: It wraps up – the script I mean – with about 1 minute of setting up the access control lists I’d discussed with the customer during the script customization period.
A: I walk the customer through about 10 minutes of QA, proving the right processes have access, etc. We might restart the server and show how the access control layer operates.
A: Not usually, but I’d certainly answer any! Before we sign off, I like to take 5 minutes to review the documentation, cover how to contact support, and stuff like that. But it’s pretty straightforward.
A: Yep… and I’ll point out that everything I’ve described here takes <1 hour if you don’t have a lot of data yet.
A: (grins) I help make sure customer questions get answered quickly - even weeks, months, or years after installation. I also recently developed a workshop at the request of AWS; they wanted a workshop for their re:Invent conference - so app developers could learn how to secure their data. And I do weekly reviews of the new features Gazzang’s developing. It’s not like I get bored, believe me.
In part 2 of this post, Ross describes the implementations that take longer than 2 hours - sometimes by design, but also covering what can go wrong. Tune in for more next week!
There's a lot of buzz over the Electronic Frontier Foundation (EFF) "Encrypt the Web" report detailing how a handful of large, mostly Internet-based companies are protecting your data. Check out the results at the bottom of this blog to see what type of encryption measures companies like Amazon, Facebook, LinkedIn and Twitter have put in place.
What you'll notice almost instantly is that the report covers only network encryption, looking at whether these companies support strict HTTPS and encrypt data center links. These security measures are critical in light of news that the NSA has tapped into the fiber-optic lines of Google and Yahoo.
However, encryption over the wire is only half the story. After all, data can't keep moving forever. Data at rest must be encrypted and secured with the same amount of vigor, if not more. Data at rest is often more vulnerable (it's an easier target), and encrypting it is more challenging. That's because encryption keys now need to stick around as long as the stored data does. So in addition to ensuring data at rest is encrypted, you now need to manage each of the unique encryption keys in a way that prevents unauthorized people from accessing them.
I'd like to see an update to the EFF report that shows which of these organizations are encrypting data at rest and whether these same organizations use a key management system to control access to that encrypted data.
Dear Mr. President,
My name is Larry Warnock, and I'm the CEO of Gazzang, a data security software company based in Austin, Texas. Our headquarters are actually right across the street from the Capital Factory which you visited this past May.
I recognize that the healthcare.gov launch hasn't exactly met expectations, and yesterday's news about potential security flaws doesn't make rolling this out to the American people any easier. But what struck me is that the choices you and the Department of Health and Human Services faced during site development are the same ones that many of the world's largest enterprises face every day when deploying new web-based applications. Namely, what is the real cost of security?
By cost, I don't mean price. There's an antiquated notion that data security must come at the expense of usability, site performance and fast deployments and upgrades -- and that somehow, doing everything possible to prevent a breach (and the resulting fallout) is best left for after the site is built and in the final testing phase.
Think about a homeowner. Would someone wait until after their home is burglarized to install an alarm system and put locks on their windows and doors? Of course not. Brick by brick, as a house is constructed, security is implemented. The same must be true when constructing a web site. Security must be considered in every phase of design and development, because today a data breach isn’t merely a threat. It’s a near certainty.
While a breach can be catastrophic, the good news is solutions like data encryption can go a long way toward averting the associated risks and loss of trust.
Gazzang works with hundreds of healthcare, financial and government organizations to ensure customer data remains private and inaccessible to unauthorized parties. We are offering to provide data encryption services for healthcare.gov at no cost to taxpayers. Data encryption, simply put, takes perfectly readable information and scrambles it in such a manner that no one can read or make sense of the data without the proper permissions. And because of the way our software is architected, there's no cost to site performance or usability either.
Personal information like names, social security numbers, email addresses and employer information -- the type of detail hackers look for, and the type of detail being entered into healthcare.gov -- must be secured at all costs.
Mr. President, this is your chance to win back the public trust.
WHAT WE ASK OF YOU
Thank you Mr. President. I look forward to joining the cause and helping you solve this problem.
President and CEO
We are pleased to announce Gazzang CloudEncrypt™, our software-based data security solution purpose built to secure sensitive data within Amazon Elastic MapReduce (Amazon EMR), is the focus of an AWS Bootcamp this afternoon at AWS re:Invent in Las Vegas.
We believe Amazon is going to address cloud security in a big way at this year's conference, and we're excited to play a role in their strategy. Gazzang and Amazon have a longstanding partnership with joint customers that include some of the largest companies in the world. Our ability to encrypt data within AWS and enable customers to maintain full control over their encryption keys - all at high performance and scale - is unique and important for achieving compliance initiatives such as HIPAA, PCI, FERPA and even European Privacy regulations.
You may remember, Gazzang announced CloudEncrypt in the spring of 2013. Since that time, the solution has quickly gained traction with AWS and its customer base as a method of encrypting and protecting data at every stage of the EMR environment. Today's bootcamp is titled "Mapping Enterprise Security Tools and Operations to AWS" and will be led by Yinal Ozkan, solutions architect at AWS. Eddie Garcia, our VP of InfoSec, will be on hand as well to answer any questions.
An abstract of the session is below:
Mapping Enterprise Security Tools and Operations to AWS
This bootcamp is designed to help you learn how to map existing enterprise information security controls to AWS while leveraging the highly available, elastic, and scalable AWS services. The risk-based content will include generating security blueprints for AWS, security architecture and security operations, asset management, identity and access management, security zoning and network segmentation, logging-monitoring and alerting, data security and encryption, and finally compliance and risk management frameworks. All topics will include either hands-on labs or actual use cases. We recommend attendees have familiarity with command-line and web-based configuration tools, knowledge of information security risk management, as well as an understanding of enterprise security tools such as firewalls, IDS/IPS, encryption, SIM/SIEM, host based security system.
We’re pleased to announce the general availability of the latest versions of Gazzang zNcrypt™ and Gazzang zTrustee™, our transparent data encryption and key management products. The enhancements, which were driven largely by customer feedback, simplify the installation process, speed the initial encryption times and deliver new security features.
Check out what’s new in zNcrypt 3.3 and zTrustee 3.5 below:
We’re always looking for ways to improve on our existing solutions and bring more innovative cloud and big data security products to market. Please keep the feedback coming, and we’ll continue to provide you with high-performance solutions that are easy to install and use and provide maximum protection for your sensitive data.
Who doesn't love a good zombie flick, right? Hordes of undead ambling around in tattered clothing looking for something to eat. The low, drawn-out moans of a once-productive member of society, who now possesses the brainpower of a teenager on an 8-hour Call of Duty bender.
While I don't believe the zombie apocalypse is happening anytime soon (at least not for another six months), there is another form of undead that is very much alive and well today. I'm talking of course about... digital data.
We're at the point now where anything you do online leaves a digital footprint, whether it's a photo posted to Instagram, a purchase on Amazon, or a patient intake form completed on an iPad.
This data, stored in the cloud, is often moved and replicated, but it really can't be destroyed, and companies place a great deal of value on it. We often talk about this phenomenon of Big Data. It's the increasing flow of varied forms of data that ultimately reaches petabyte scale. And it contains little bits and pieces about you that are next to impossible to erase.
Consider the following:
Data can literally be kept forever. Thanks to the nature of big data architectures, most organizations will never run out of storage capacity. So data, regardless of its importance, can be retained forever. That means 40 years from now, a company might still retain all the metadata associated with a purchase you made online last week. It stands to reason that the more data that gets scooped up, the more personal data gets scooped up. Organizations, particularly those in Europe that must comply with strict privacy regulations, will need to make some tough decisions about how to keep personally identifiable information (PII) confidential.
Companies should care more about privacy than consumers. While individuals may care about privacy, particularly when it comes to their children, I don't believe that the collective masses do. Social media sharing, providing an email address in exchange for online coupons, giving a mobile gaming app access to your contacts, and the lack of outrage over the NSA spying scandal are all evidence of that. On the other hand, companies care greatly about their reputation and their competitive advantage, so they can't afford to be viewed as having a laissez-faire attitude toward protecting sensitive data. Gazzang works with a number of SaaS companies who have gone to great lengths to keep their customer data private.
Anonymizing certain datasets is not the answer. A commonly held belief is that anonymizing or tokenizing certain personally identifiable information like names, addresses and phone numbers is the best way to ensure user privacy. This is simply not true. With as much user data as there is floating around, today's analytics systems make it possible to take a series of disparate bits of data and piece them together to figure out exactly who an individual is.
How analyzed data is used depends on the company. Whether data is used to predict future behavior or condemn those with past transgressions is up to the company. I suspect there will be use cases for both since the data and tools are available. Take the airline industry for example. A frequent flyer in good standing who is known to travel abroad for two weeks in October may in late September receive a gratis global TSA Pre check to get them through the security line more quickly. That same airline may also decide to charge a premium on business travelers in late March, June and September because they know from historical data who the salespeople are that need to travel in order to close out a successful quarter.
Don't just pay lip service to data security. Do something about it. C-level execs need to have a serious security and privacy conversation BEFORE their company embarks on a big data project. You don’t wait until after a burglary to put locks on your doors, and you should not wait until after a breach to secure your data. It is possible to respect customer and employee privacy, even as you pile up terabytes of data. Here are a few tips on how:
If there were any lingering questions about Hadoop’s dominance as a big data platform, I think the first night of Hadoop World put those to rest.
The annual Strata event kicked off yesterday with a packed Happy Hour on the Expo floor, where thousands were packed like sardines to see the latest and greatest from the likes of Cloudera, Pivotal, MapR and scores of other big data vendors.
The Gazzang team is out in force this year. We’re pumped about all the great sessions as well as the conversations with customers, prospects and partners about big data security. Not that you need an excuse to swing by our booth, but here are a few things we’ll most certainly be discussing.
Security for big data
Want to do Hadoop right? You’ll need data security. Throughout the day, we’ll be sharing demos of Gazzang encryption and key management running on the big data platform. We’ll show how easy it is to deploy, configure and use and talk about why performance is second to none.
Gazzang is now available on Rackspace Big Data Solutions
You may have seen the news yesterday that Rackspace announced Rackspace Managed Big Data Platform, but did you know Gazzang is one of the first companies out of the gate to provide security for it? Gazzang zNcrypt and zTrustee can provide Rackspace customers with high-performance data security that runs beneath their Apache Hadoop applications.
Gazzang is securing Intel keys
Gazzang zTrustee, now the most popular key manager available for Hadoop, can manage security keys from a variety of applications. At Hadoop World, we’ll talk about how you can use it to store and manage keys from the latest version of the Intel Distribution of Apache Hadoop.
Of course, if all else fails, come see us for the best trade show swag on the floor. Any guesses?
One of my favorite days of the year is when the Austin City Limits Music Festival releases its lineup grid. It’s fun to browse the list of amazing bands and start plotting out who I’m going to see and when.
There’s also a certain amount of hand wringing during this process, as I’m forced to choose between interesting musical acts playing at the same time on a different stage on the other side of the park.
Fortunately, I usually only have to face agonizing decisions like whether to see “Passion Pit” or “Wilco” once a year.
Then the Strata Conference released its 2013 Hadoop World lineup, making me once again bang my head against the wall as I try to figure out where I’m going to be next Tuesday at 11:00am.
Hadoop World has always had great sessions, but conference organizers really outdid themselves this year. Narrowing down my list to something manageable, while still leaving time to roam the show floor and visit our amazing booth, was a challenging task. Below are a few sessions I look forward to checking out next week. I'm sure this will change ten times between now and Monday.
According to Gartner, Hadoop is near the top of the Hype Cycle. While some customers have questions about the enterprise capabilities of Hadoop, the answers are clear as production deployments continue to expand. This session will use successful customer experiences to highlight the power of Hadoop and separate the myths from reality.
My Take: What can I say? I’m a sucker for myth debunking. MapR Technologies also has some very interesting customers, using Hadoop in unique ways. I’m looking forward to hearing some of those stories.
Multi-tenancy in the cloud poses concerns about accidental or deliberate exposure of sensitive data. Using anonymization, confidential data is obscured in a way that maintains privacy while preserving the ability of useful processing. There is a gap in the existing big data ecosystem for a scalable anonymization solution. We'll share the challenges and lessons learned in building such a solution.
My Take: It’s nearly impossible to have a discussion about cloud without talking about data privacy. I’m interested to hear how Google is approaching this issue.
For some, Hadoop is synonymous with "Big Data." But Hadoop is just one component of a successful Big Data architecture. NoSQL solutions like MongoDB also play a dominant role for storage and real-time data processing, and RDBMS has a place, too. This session will drill down on the different types of NoSQL databases and how they fill out Hadoop and RDBMS in a modern Big Data architecture.
My Take: It's always great to hear from Matt Asay, who can rise above the speeds and feeds conversation to help you see the business value of big data. Plus, it’s hard to resist a session where the speaker nets out the differences between NoSQL databases.
Hadoop is a powerful and extensible platform for big data storage and processing needs. Join Ritu Kama and Vin Sharma, Hadoop product leads at Intel, to learn how the latest release of the Intel Distribution for Apache Hadoop brings together a number of security mechanisms - from role-based access control to fine-grained data auditing - to help enterprises ensure governance of their data lake.
My Take: See what I mean? Tuesday at 11:00am is a mess. I’m looking forward to hearing from Ritu and Vin about new security controls in IDH. Check out the Gazzang booth (#27) at Hadoop World to learn how our key management solution is enabling some of the advanced features in the latest version of Intel’s Hadoop Distribution.
The National Security Agency works with some of the world’s largest, most complex, and most sensitive datasets. In order to analyze this data, NSA has developed some powerful tools, such as Apache Accumulo. Come learn about NSA’s key lessons learned about building a Big Data platform from the former Technical Director of the Accumulo project at the NSA.
My Take: You had me at “Lessons Learned.”
When Hadoop is used for sensitive data, security requirements arise that require strong authentication, authorization of data/resources, and data confidentiality. This session covers how various parts of the Hadoop ecosystem can interact in a secure way to address these requirements. We will focus on the advanced Apache Hive authorization features enabled by the Apache Sentry (incubating) project.
My Take: At Gazzang, we talk about securing sensitive data in environments like Hadoop all the time. Often the conversation begins with data-at-rest encryption and key management, and then veers into territories like authentication and access controls. Cloudera is one of our longest standing partnerships. I’m looking forward to hearing how they address the many layers that make up Hadoop security. Of course we'll be talking lots about data encryption and key management on Cloudera at booth 27.
Nordstrom started modestly in 1901 as a small shoe store in Seattle, and has since expanded to 117 full-line department stores and 138 Rack stores across the country. The art of retailing has changed dramatically over the last century and retailers today are concerned with understanding customer behavior and preferences both in the physical world and online.
My Take: Who doesn’t love hearing a story about how a 112-year-old brick and mortar company has morphed into the ultimate data science experiment?
Earlier this month, the Ponemon Institute released the 2013 Cost of Cyber Crime Study, reporting that the average annualized cost of cybercrime incurred by U.S. organizations reached $11.56 million. This represents a 78 percent increase since the initial study was conducted four years ago. The study also found it takes 2x as long to resolve a cyberattack now, with scrutiny increasing every minute.
The costs of a cyberattack – both monetary and time – are staggering. In fact, that same study puts the cleanup costs at about $1 million, a number that likely doesn’t include hard-to-measure costs like loss of revenue from customers who leave you, financial clawbacks from exposed customers and an emboldened set of competitors. That is a serious threat to many companies’ bottom lines.
October is National Cyber Security Awareness Month (NCSAM). It’s an opportunity for both public and private sector companies to raise awareness of the constantly evolving cyber threats. It’s also an opportunity to educate customers on how to create a safe, secure and resilient digital environment.
Gazzang is a big supporter of NCSAM, and we are working closely with our customers to ensure their sensitive data is encrypted and protected everywhere it travels. A large part of this security process includes key management, where the keys are always isolated from the encrypted data and protected by several layers of policy and access controls.
Cybercrime is on the rise and the hackers are getting more sophisticated with each attack.
No single person or company is going to prevent cybercrime, but it is possible to mount a strong defense. Make sure you have several layers of security including firewalls, identity management, authentication and encryption.
For more information on Gazzang’s solutions for cybersecurity visit: http://www.gazzang.com/solutions/cybersecurity