InfoWorld's been doing a bang-up job covering the NSA spying scandal from the get go, and this blog from David Linthicum titled, “Let the NSA spy on us - We’re still moving to the cloud,” continues the trend.
The Cliff's notes: In an IDG News survey, high-ranking IT executives in North America and Europe were asked about the effect the NSA snooping practices have had on their cloud computing strategy. Despite the furor over the NSA, these leaders are still committed to the cloud.
Linthicum talks about the dollars and cents, arguing that the efficiency and agility benefits the cloud provides to the enterprise far outweigh any concern that the NSA might be tapping into their communications. This echoes what we hear every day from our customers, but with a little more nuance that goes beyond quantifiable business benefits.
For example, while there’s been a lot of water-cooler discussion about the NSA and its PRISM program, I think the majority of companies recognize that their corporate IP and customer data are neither being targeted nor threatened by the government agency. If the spying program has done anything at all, it's actually raised awareness in the C-suite of the need for stronger cloud security techniques, and that's a good thing.
Despite what we often hear in the press, the public cloud can actually be pretty secure. In many cases, more so than even an on-prem data center. But security in the public cloud all comes down to trust. How well do you trust your cloud provider's provider? Can you verify that they're enforcing the necessary protections on your data? Do you know who, outside of your company, can access your data?
While there's no single cloud security solution that will take these worries away, a great way to prevent prying eyes (by the NSA or others) from accessing your data is to encrypt the data at rest and maintain control of the encryption keys. Don't hand them over to your cloud or SaaS provider. You can read much more on key management at this link.
There's a lot of buzz over the Electronic Frontier Foundation (EFF) "Encrypt the Web" report detailing how a handful of large, mostly Internet-based companies are protecting your data. Check out the results at the bottom of this blog to see what type of encryption measures companies like Amazon, Facebook, LinkedIn and Twitter have put in place.
What you'll notice almost instantly is that the report covers only network encryption, looking at whether these companies support strict HTTPS and encrypt data center links. These security measures are critical in light of news that the NSA has tapped into the fiber-optic lines of Google and Yahoo.
However, encryption over the wire is only half the story. After all, data can't keep moving forever. Data at rest must be encrypted and secured with the same amount of vigor, if not more. Data at rest is often more vulnerable (it's an easier target) and encrypting it is more challenging. That's because now encryption keys need to stick around as long as the stored data does. So in addition to ensuring data at rest is encrypted, you now need to manage each of the unique encryption keys in a way that prevents unauthorized people from accessing them.
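As an added example (not from the original post and not how any Gazzang product works), the code below shows one common way to encrypt data at rest while keeping control of the keys: envelope encryption with Node.js's built-in crypto module. Each object gets its own data key, and only ciphertext plus a wrapped copy of that key goes to the provider. The function names, the object ID and the sample record are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM with a fresh 96-bit nonce per call; aad binds the result to its context.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Throws if the key, the ciphertext, the tag or the aad does not match.
function open(key, box, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAAD(aad);
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// Encrypt one object under its own data key, then wrap that data key with the
// key-encryption key (KEK), which never leaves the customer's side.
function encryptObject(kek, objectId, plaintext) {
  const aad = Buffer.from(objectId); // ties both ciphertexts to this object
  const dataKey = crypto.randomBytes(32);
  const record = {
    objectId,
    data: seal(dataKey, plaintext, aad),
    wrappedKey: seal(kek, dataKey, aad),
  };
  dataKey.fill(0); // best-effort wipe of the plaintext data key
  return record;   // everything the provider stores; useless without the KEK
}

function decryptObject(kek, record) {
  const aad = Buffer.from(record.objectId);
  return open(open(kek, record.wrappedKey, aad), record.data, aad);
}

// Rotating the KEK re-wraps the 32-byte data key; the bulk ciphertext is untouched.
function rotateKek(oldKek, newKek, record) {
  const aad = Buffer.from(record.objectId);
  const dataKey = open(oldKek, record.wrappedKey, aad);
  return { ...record, wrappedKey: seal(newKek, dataKey, aad) };
}

// Constructed sample: the KEK is generated and held on the customer's side.
const demoKek = crypto.randomBytes(32);
const stored = encryptObject(demoKek, 'intake/0001', Buffer.from('constructed sample record'));
console.log(decryptObject(demoKek, stored).toString());
```

Because the wrapped data key has to live as long as the stored object does, the KEK is what needs the access controls and lifecycle management the paragraph above describes.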
I'd like to see an update to the EFF report that shows which of these organizations are encrypting data at rest and whether these same organizations use a key management system to control access to that encrypted data.
We are pleased to announce Gazzang CloudEncrypt™, our software-based data security solution purpose built to secure sensitive data within Amazon Elastic MapReduce (Amazon EMR), is the focus of an AWS Bootcamp this afternoon at AWS re:Invent in Las Vegas.
We believe Amazon is going to address cloud security in a big way at this year's conference, and we're excited to play a role in their strategy. Gazzang and Amazon have a longstanding partnership with joint customers that include some of the largest companies in the world. Our ability to encrypt data within AWS and enable customers to maintain full control over their encryption keys - all at high performance and scale - is unique and important for achieving compliance initiatives such as HIPAA, PCI, FERPA and even European Privacy regulations.
You may remember, Gazzang announced CloudEncrypt in the spring of 2013. Since that time, the solution has quickly gained traction with AWS and its customer base as a method of encrypting and protecting data at every stage of the EMR environment. Today's bootcamp is titled, "Mapping Enterprise Security Tools and Operations to AWS" and will be led by Yinal Ozkan, solutions architect at AWS. Eddie Garcia, our VP of InfoSec, will be on hand as well to answer any questions.
An abstract of the session is below:
Mapping Enterprise Security Tools and Operations to AWS
This bootcamp is designed to help you learn how to map existing enterprise information security controls to AWS while leveraging the highly available, elastic, and scalable AWS services. The risk-based content will include generating security blueprints for AWS, security architecture and security operations, asset management, identity and access management, security zoning and network segmentation, logging-monitoring and alerting, data security and encryption, and finally compliance and risk management frameworks. All topics will include either hands-on labs or actual use cases. We recommend attendees have familiarity with command-line and web-based configuration tools, knowledge of information security risk management, as well as an understanding of enterprise security tools such as firewalls, IDS/IPS, encryption, SIM/SIEM, host based security system.
We’re pleased to announce the general availability of the latest versions of Gazzang zNcrypt™ and Gazzang zTrustee™, our transparent data encryption and key management products. The enhancements, which were driven largely by customer feedback, simplify the installation process, speed the initial encryption times and deliver new security features.
Check out what’s new in zNcrypt 3.3 and zTrustee 3.5 below:
We’re always looking for ways to improve on our existing solutions and bring more innovative cloud and big data security products to market. Please keep the feedback coming, and we’ll continue to provide you with high-performance solutions that are easy to install and use and provide maximum protection for your sensitive data.
Who doesn't love a good zombie flick, right? Hordes of undead ambling around in tattered clothing looking for something to eat. The low, drawn-out moans of a once-productive member of society, who now possesses the brainpower of a teenager on an 8-hour Call of Duty bender.
While I don't believe the zombie apocalypse is happening anytime soon (at least not for another six months), there is another form of undead that is very much alive and well today. I'm talking of course about... digital data.
We're at the point now where anything you do online leaves a digital footprint, whether it's a photo posted to Instagram, a purchase on Amazon, or a patient intake form completed on an iPad.
This data, stored in the cloud, is often moved and replicated, but it really can't be destroyed, and companies place a great deal of value on it. We often talk about this phenomenon of Big Data. It's the increasing flow of varied forms of data that ultimately reaches petabyte scale. And it contains little bits and pieces about you that are next to impossible to erase.
Consider the following:
Data can literally be kept forever. Thanks to the nature of big data architectures, most organizations will never run out of storage capacity. So data, regardless of its importance, can be retained forever. That means 40 years from now, a company might still retain all the metadata associated with a purchase you made online last week. It stands to reason that the more data that gets scooped up, the more personal data gets scooped up. Organizations, particularly those in Europe that must comply with strict privacy regulations, will need to make some tough decisions about how to keep personally identifiable information (PII) confidential.
Companies should care more about privacy than consumers. While individuals may care about privacy, particularly when it comes to their children, I don't believe that the collective masses do. Social media sharing, providing an email address in exchange for online coupons, giving a mobile gaming app access to your contacts, and the lack of outrage over the NSA spying scandal are all evidence of that. On the other hand, companies care greatly about their reputation and their competitive advantage, so they can't afford to be viewed as having a laissez-faire attitude toward protecting sensitive data. Gazzang works with a number of SaaS companies who have gone to great lengths to keep their customer data private.
Anonymizing certain datasets is not the answer. A commonly held belief is that anonymizing or tokenizing certain personally identifiable information like names, addresses and phone numbers is the best way to ensure user privacy. This is simply not true. With as much user data as there is floating around, today's analytics systems make it possible to take a series of disparate bits of data and piece them together to figure out exactly who an individual is.
How analyzed data is used depends on the company. Whether data is used to predict future behavior or condemn those with past transgressions is up to the company. I suspect there will be use cases for both since the data and tools are available. Take the airline industry for example. A frequent flyer in good standing who is known to travel abroad for two weeks in October may in late September receive a gratis global TSA Pre check to get them through the security line more quickly. That same airline may also decide to charge a premium on business travelers in late March, June and September because they know from historical data who the salespeople are that need to travel in order to close out a successful quarter.
Don't just pay lip service to data security. Do something about it. C-level execs need to have a serious security and privacy conversation BEFORE their company embarks on a big data project. You don’t wait until after a burglary to put locks on your doors, and you should not wait until after a breach to secure your data. It is possible to respect customer and employee privacy, even as you pile up terabytes of data. Here are a few tips on how:
If there were any lingering questions about Hadoop’s dominance as a big data platform, I think the first night of Hadoop World put those to rest.
The annual Strata event kicked off yesterday with a packed Happy Hour on the Expo floor, where thousands were packed like sardines to see the latest and greatest from the likes of Cloudera, Pivotal, MapR and scores of other big data vendors.
The Gazzang team is out in force this year. We’re pumped about all the great sessions as well as the conversations with customers, prospects and partners about big data security. Not that you need an excuse to swing by our booth, but here are a few things we’ll most certainly be discussing.
Security for big data
Want to do Hadoop right? You’ll need data security. Throughout the day, we’ll be sharing demos of Gazzang encryption and key management running on the big data platform. We’ll show how easy it is to deploy, configure and use and talk about why performance is second to none.
Gazzang is now available on Rackspace Big Data Solutions
You may have seen the news yesterday that Rackspace announced Rackspace Managed Big Data Platform, but did you know Gazzang is one of the first companies out of the gate to provide security for it? Gazzang zNcrypt and zTrustee can provide Rackspace customers with high-performance data security that runs beneath their Apache Hadoop applications.
Gazzang is securing Intel keys
Gazzang zTrustee, now the most popular key manager available for Hadoop, can manage security keys from a variety of applications. At Hadoop World, we’ll talk about how you can use it to store and manage keys from the latest version of the Intel Distribution of Apache Hadoop.
Of course, if all else fails, come see us for the best trade show swag on the floor. Any guesses?