After raising $900m this March, enterprise Hadoop player Cloudera has acquired encryption company Gazzang to fill out security features that are keeping big data out of enterprise production environments.
Security might not have been as necessary when big data clusters were only accessed by small groups of programmers, but with wider enterprise deployments, there's been a push over the past year to fill in pieces missing from the Apache project — authentication and access control.
Last month, for example, fellow Hadoop vendor Hortonworks acquired XA Secure to offer it role-based authorisation, auditing, and governance.
Gazzang offers Cloudera's enterprise customers encryption for data at rest and a key management system to secure protected data within Hadoop clusters — and importantly, an assurance to customers who handle data that's subject to security regulations such as the healthcare HIPAA-HITECH, card payment data security standards and personal information under European and US privacy laws.
The acquisition follows Cloudera's launch last year of Sentry, a security module aimed at regulated industries that offered customers a way to fine tune access to data sets through SQL query engines like Apache Hive and its own Impala query product.
Prior to Sentry, Hadoop security used Kerberos, for example, to authenticate users when firing up remote clusters, or when accessing some MapReduce tasks, and to apply certain access controls to HDFS (Hadoop file system) files or directories.
According to Tom Reilly, Cloudera's CEO, the addition of Gazzang's encryption products will make it easier to move workloads from development to production environments, as well as allay customer concerns over moving those workloads to a public cloud.
"Companies that are weighing the value of putting workloads in public cloud environments against security concerns will now be able to move forward by putting in place additional process-based access controls," Reilly said.
"This limits access to encrypted data only to authorised system functions — rather than specific users or roles — so a cloud administrator, who likely does not need access to the sensitive encrypted data, cannot run commands that grant them access. This is critical for compliance initiatives that require organizations to restrict data access based on 'business need to know'."
To that end, Gazzang in March launched a product that allows users to launch fully-encrypted cloud instances from the AWS Management Console, adding to its data encryption and key management support for Amazon Elastic MapReduce.
The Gazzang team will also be put to work on solving other Hadoop security challenges and support Cloudera's existing work on Project Rhino, Intel’s open source effort to add data protection to Hadoop. Intel was the main backer of the $900m round Cloudera raised in March.
Financial terms of the deal were not disclosed.