Living in Austin has it’s perks. Sure we have our endless allergy season, and every once in awhile it rains, but you really can't go wrong here, especially during SXSW. While Gazzang didn't exhibit at this year's event, we had plenty of folks roaming the trade show floor and even more representing at various after-hours networking events (a.k.a. "SXSW parties"). 

One of the cool things about SXSW is that you can spend all week in central Austin without spending a dime. Everywhere you look, someone or something is handing out free breakfast tacos, beer, t-shirts, even piggyback rides. Just login with your Facebook credentials, tweet, register your phone, share your email, Instagram a photo, or send a text. In the photo to the right, consumers were asked to bump their phones. It's easy and it’s free, right? 

Not so fast. 

When you get something for free, more often then not YOU are the product. You are trading personal information in exchange for an item that would otherwise cost money. You might stop to ask why they need this data? Where is it going? Who will have access to it? How is it being secured? is it encrypted?

These are fair questions, and our hope is that demanding answers will get mobile app and device vendors thinking long and hard about data security. 

Data encryption and key management are vital to ensuring your big data platform is secure and are necessary for meeting data security requirements associated with HIPAA, PCI, FERPA and European Union regulations. Watch the video to learn how Gazzang zNcrypt can help ensure the security of your data in the cloud or in your datacenter.

It's been a busy few months at Gazzang working on the next release of our big data encryption solution, Gazzang zNcrypt. Check out the press release that went out this morning announcing general availability. Much like zNcrypt 2.0 for LAMP, which launched our products into applications beyond database encryption, we anticipate that zNcrypt 3.0 will bring zNcrypt into more complex and larger multi-hundred-node big data environments.

The solution was built with large scale deployments in mind and offers more options for securing Big Data. zNcrypt has already shown fantastic results on Big Data platforms like Hadoop, Cassandra and MongoDB, but as with any software there is always room for improvement. Feedback from customers, partners and engineers were key toward enhancing the features and capabilities in this latest release.

A few of the new features you will find in zNcrypt 3 are:

• zTrustee-based key server, with additional security layers and smart policies to protect the encryption keys. zTrustee has APIs in shell, Python. C and Java allowing users to have more programmatic control of the keys for tighter integration into their security processes.
• Added block level encryption for better performance and the capability to take advantage of Intel AES-NI hardware encryption acceleration when available in the hardware. During configuration, zNcrypt users can now choose between file level or block level encryption.
• Multiple master key and encryption mount points per server. This capability adds flexibility to define different key policies for different user groups for data segregation as well as better scalability by allowing to add encrypted storage volumes without downtime or moving encrypted data to larger volumes.
• Automated license activation, it is no longer required to have a license key and activation up front. We have moved from the traditional product key way of software licenses to a more innovating and scalable automated license activation. You can use your DevOps tools of choice to install zNcrypt using standard apt / yum package managers without contacting Gazzang.

If you already are a Gazzang zNcrypt customer and are interested in upgrading, please contact support@gazzang.com. If you are new to zNcrypt, we invite you to try it now by contacting sales@gazzang.com. It has never been easier for anyone to trial zNcrypt.

Like a moth to a flame, the annual RSA Conference never fails to attract attention. Not surprisingly, this year’s discussion focused on big data security, cloud security, breach prevention, online privacy and the latest technologies.

One bit of exciting news from the conference that hits close to home for us, was the emergence of Gazzang zTrustee™ as a leading cloud security solution. This week, zTrustee was recognized for “Innovation in Cloud Security” at the 2013 Info Security Products Guide Global Excellence Awards.

More than 50 security experts from around the world participated in the judging and their average scores determined the 2013 Global Excellence Awards recipients. A complete list of winners can be found here: http://www.infosecurityproductsguide.com/excellence/index.html

Congrats to the “award-winning” Gazzang zTrustee!

[Prerequisite: You should first read Casey's introduction to HKP and Hockeypuck on his blog here.]

Anyone who has ever used Ubuntu, Debian, Launchpad, or apt-get has implicitly trusted a sophisticated public key distribution protocol called "HKP" or, HTTP Keyserver Protocol. Originally designed for encrypting and signing email, asymmetric key pairs are used to sign, encrypt, decrypt and check signatures of thousands of packages on almost any Linux system.

Many (most?) public key servers today, such as keyserver.ubuntu.com, use an open source package called SKS (synchronizing key server) to distribute public keys.

Within Gazzang's zTrustee product, we rely on HKP to exchange public keys between client's and server. In our first implementation, we simply used SKS as installed from the Ubuntu repositories. SKS worked well in some environments, but it didn't scale well to larger environments, where hundreds of thousands of clients running on cloud servers were exchanging public keys in an automated fashion.

Moreover, we envisioned a system where user and host public SSH keys and server public SSL certificates might be exchanged in the same fashion, using the same protocol. We considered trying to extend SKS to improve the scalability and feature set.

In the end, we decided a new HKP implementation, leveraging a modern, high performance NoSQL key-value store -- MongoDB -- and written in modern language -- The Go Programming Language -- would enable us to build a more efficient, type-safe, memory-safe, concurrent, garbage-collected, fast implementation of HKP. We could also extend the feature set with a nice user interface and natively support other public keys.

With the general ideas fleshed out, my esteemed colleague, Casey Marshall, got to work on Hockeypuck -- his implementation of HKP in Golang and MongoDB -- freely available under the GPL. All credit for the development of Hockeypuck up to this point goes entirely to Casey :-) That said, he's really quite interested in outside contributions and help at this point, so if you're proficient in Golang and looking to contribute to an awesome security project, here's your bogey!

We at Gazzang are hosting a reference Hockeypuck server at:

• http://hockeypuck.gazzang.net
• https://hockeypuck.gazzang.net/

But you don't have to use our Hockeypuck server ... we're absolutely delighted that Hockeypuck has been accepted into Ubuntu's 13.04 (raring) distribution in Universe. It's as easy as:

$ sudo apt-get install hockeypuck

in Ubuntu 13.04 to get your Hockeypuck server up and running. For other Ubuntu releases, Casey is publishing backports to a stable and an unstable PPA.

This server has successfully imported the world's current public key ring -- that's 4GB of OpenPGP public key information! Casey's still working on the synchronization, which is based on SKS's "recon protocol". Again, if you're into hard core polynomial math, can read and understand OCaml, and are interested in re-working that algorithm in Golang, get in touch with us :-)

We're really, really interested in your feedback at this point! You can file bugs against the project and packages here. We're also looking for your feature requests... How would you like to use a public key server? Would you find it useful to import your SSH server or host public keys from a key server? Would you find it useful to see "badges" by keys, indicating that key's level or trust? Or perhaps that a key has been "verified"? What about linking public keys to OpenID or OAuth logins? Or what about [insert your idea here!]...

Comments? Bring 'em on!

Cheers,
:-Dustin

I have a pretty decent amount of data about Disney World (where to stay, when to visit, how to beat the crowds to Space Mountain, etc…), and in turn, Disney knows a lot about me (my age, where I live, how many times I’ve visited the park, etc…).

This information may seem trivial, but it’s essential (or so we think) for an experience that’s optimized for our enjoyment. In fact, Disney has made a big bet on this idea. You might have seen stories about Disney’s new “vacation management system” which is designed to learn even more about park visitors and, in turn, improve upon their experience.  The amount of data that can be gleaned from something that looks like a sweatband is almost limitless. It’s… uh… big.

This past week, I was lucky enough to experience the power of Disney without the big data backstory, as I took my two boys (aged 5 and 2) to Disney World for the first time. My wife and I wanted them to be surprised about their new adventure, so we told them nothing about the park beforehand.

That means they knew nothing of Thunder Mountain, Pirates of the Caribbean, the Haunted Mansion or EPCOT.  They’d never seen the Teacup ride, a 3-D movie or life-size cartoon characters that sign autographs. The only thing they were fairly certain of is that Mickey, Goofy and the gang as well as some princesses lived there.

As our monorail approached the Magic Kingdom, their eyes grew as large as saucers and their grins widened from ear to ear. During our four-day trip, it would have taken the world’s finest surgeon to remove the smiles from their faces. A week later my youngest still can't stop singing Zipadee Do Dah.

For all the excitement and interest about big data, there’s something to be said for possessing no data. Without data, everything is a surprise, and surprises lead to lasting memories. Isn’t that what Disney World is all about in the first place?

My Hockeypuck project was accepted into Ubuntu Raring earlier this week. Thanks Dustin for sponsoring!

Hockeypuck is a PGP public key server -- kind of like an open directory or phonebook for looking up someone's key to verify their digital signatures or encrypt e-mail messages or other files to them. For example, with PGP, you could ask a keyserver the public key for my email address.

(The name "PGP" was trademarked at some point, so we should really say "OpenPGP", because that is the name of the open standard. And GnuPG, or "GPG", is the free and open-source program that you'll probably end up using to "do PGP".)

A search for my key in Hockeypuck looks like this: https://hockeypuck.gazzang.net/pks/lookup?op=vindex&search=0x44A2D1DB. On other keyservers, such as SKS, it looks like this: http://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0x44A2D1DB.

Before the public key fingerprint linked above, you need to confirm that the key is actually owned by me. There are many ways to do this, but one of the simplest would be to send me a test encrypted mail, and then confirm it with me through some other means (a second factor). Asking me in-person or via phone call to confirm the contents (a good joke would work) would give you confidence that I am the owner of the key.

It might be surprising to find that there is no approval process for submitting a key to a public key server like Hockeypuck -- anyone may do it, anytime. In fact, anyone may register any name or email address they want! There is no account to create, no password to log on. The key itself contains some proof that whomever made it can decrypt messages, but that's it. Keys are authenticated by other keys vouching for their authenticity -- by digitally signing them. However, there is some certainty you can depend on. One cannot forge the fingerprint (a unique string) of a key or signatures made by a key -- that is protected by the strong encryption. Once a key is created, only the owner of the private part of that key can modify it, or sign with it.

It seems dangerous and reckless that anyone can register a key, using whatever name and address. Yet at the same time, it is refreshing in this age of Facebook and other corporate curated social networks. Cryptographically-protected online communications are available to those who can wield it responsibly. When communicating and collaborating online, whom else could people from all over the world really trust, but... each other?

The global pool of public keys is fascinating. There are over 4GB of public keys and signatures that have been created and shared. Some of the names and addresses appear personal, others corporate, government, academic or military. There are mysterious pseudonyms, signed snippets of identifiers that aren't even email addresses. Any of them could be real or forgeries, without being introduced to their owners through some other means. Some may be active, others long abandoned.

It is like what you might get if Wikipedia made a cryptographic contact list.

Besides email, OpenPGP is used in many other applications. The software packages in a Linux distribution such as Ubuntu or RedHat are certified as officially packaged by their authors or maintainers using these same type of signatures. When you update packages on such a Linux installation, a PGP keyserver would be queried to obtain the keys used to sign these packages. What else could a vast global, distributed volunteer development effort use to certify software packages?

The significance of software such as Hockeypuck going into Ubuntu is that it has been accepted into the community-curated collection of software known as "Ubuntu" -- meaning that it is considered relevant enough, and of sufficient quality to become a part of this collection. As a PGP keyserver, Hockeypuck may one day support this community's collaboration, through the distribution of public keys. That would be an honor :)

It will be a lovely week next week! Valentines Day is next Thursday, February 14th, of course. Make sure you have chocolate and beautiful flowers for your sweetheart.

Near and dear to my heart, I'm personally excited that Gazzang will be introduced as one of the newest card-carrying members of the Linux Foundation! I've been an individual member of the Foundation for years, and have attended nearly a dozen LF events. We're extremely, extremely proud to add Gazzang to LF's very impressive list of active corporate members. What excellent company! I feel that we at Gazzang are differentiating ourselves from our competitors with comprehensive offerings around big data security, enterprise class encryption, and innovative key management -- all built exclusively in and on top of Linux.

And in celebration of all this love, Gazzang's fabulous marketing department has created a special Valentine's Day card for Linux, on behalf of all the enterprises and consumers far and wide that are just head over heels in love with the Penguin :-) Enjoy!

Over the past few years I have seen an avalanche of servers and applications migrating to Amazon EC2. One of the cornerstones of Gazzang is the fundamental premise that the cloud is only as secure as you make it. With so many companies starting to take advantage of Big Data to run analytics jobs, have better data points from large data sets and make informed or even automated decisions based on data fluctuations, these systems are now also following their peers to the cloud.

Building a large dedicated multi-hundred node Big Data platform in the cloud is an expensive proposition, so it was logical that Amazon would build a Big Data as Service solution. Many Big Data jobs have demand peaks and valleys, and this elastic nature of resource utilization is a perfect candidate for "elastification" by Amazon. Elastic Map Reduce (EMR) provides users a very simple interface either via a graphical UI or api calls to launch large complex Hadoop Clusters for big data analytics.

Amazon offers many security features like Virtual Private Clouds (VPCs), AWS Identity and Access Management (IAM), secret keys, api keys, VPN connectivity, security groups, NAT, Internet Gateways, SSL load balancers, AWS Java SDK and security classes. Unfortunately there is no one size fits all in terms in security. Data encryption might be vital for one organization, while another might view SSL certificate management as their security lynchpin, so when it comes to securing your Amazon servers, users need to tailor security to fit their needs.

To address the growing security needs of EMR users, Gazzang is planning to offer a unique Elastic Map Reduce Solution Pack. This solution package will bundle our existing products along with new scripts and java classes that allow users to secure their EMR jobs.

The Gazzang EMR solution pack includes:

• Gazzang zNcrypt to transparently encrypt data on the Hadoop Data nodes, so it is never stored on disk in cleartext
• Gazzang zTrustee to store the master encryption keys to encrypt/decrypt the data as moved to and from S3 and EMR and ultimately consumed in a reporting engine or transactional database
• Customized Hadoop Java classes to perform the secure key retrieval and streamed data encryption/decryption
• Amazon EMR bootstrap scripts to install and configure the zNcrypt software

The EMR solution pack is a great step towards securing your EMR jobs, complying with data at rest encryption requirements for HIPAA-HITECH, PCI-DSS and many other regulations. The solution pack can then be further extended with the many APIs in shell, python, java and C to further meet custom requirements suited for our customers.

For more information on this solution pack, please contact sales@gazzang.com

One of the things I look forward to most at Christmastime is the seemingly endless parade of predictions and year-in-review columns. You see them everywhere: 

The Ten Best movies of 2012

2012: The Year in Bacon

Ten Brilliant, Surefire, Can’t-Miss Business Predictions for 2013

A Crystal Ball on the Cloud

Heck, we just issued a predictions release earlier this week. The bottom line is when I see a list, there’s a good chance I’m going to read it and tweet it, regardless of what it's about. 

Speaking of which, IDC and EMC just released a cool report called “The Digital Universe in 2020, that looks at the state of Big Data eight years from now. See below for a list of interesting insights. My only nit is that a report that looks forward to 2020 should at least contain one section about flying cars and our benevolent robot overlords.  

• By 2020, the digital universe will grow to 40,000 exabytes, or 40 trillion gigabytes (more than 5,200 gigabytes for every man, woman, and child in 2020). From now until 2020, the digital universe will about double every two years.
• By 2020, nearly 40% of the information in the digital universe will be "touched" by cloud  computing providers — meaning that a byte will be stored or processed in a cloud somewhere in its journey from originator to disposal. Perhaps as much as 15% will be maintained in a cloud.
• The proportion of data in the digital universe that requires protection is growing faster than the digital universe itself, from less than a third in 2010 to more than 40% in 2020.
• Today, only about half the information that needs protection has protection. That may improve slightly by 2020, as some of the better-secured information categories will grow faster than the digital universe itself, but it still means that the amount of unprotected data will grow by a factor of 26.
• By 2020, a third of the data in the digital universe (more than 13,000 exabytes) will have Big Data value, but only if it is tagged and analyzed. In 2012, we believe 23% of the information in the digital universe (or 643 exabytes) would be useful for Big Data if it were tagged and analyzed. However, technology is far from where it needs to be, and in practice, we think only 3% of the potentially useful data is tagged, and even less is analyzed.