Data Governance & Security Mechanism in Distributed Data Storage System

Back to Blog
25Jun

Data Governance & Security Mechanism in Distributed Data Storage System

By Apache Hadoop, Data Engineering, Storage Mechanism , , , , , , , , , , , , Comments Off on Data Governance & Security Mechanism in Distributed Data Storage System

We are aware that the traditional data storage mechanism is incapable to hold the massive volume of  data generated with lightning speed for further utilization even if we perform vertical scaling,  and we have anticipated only one fuel, nothing but DATA to accelerate the movement across all the sectors starting from business to natural resources including medical towards rapid growth.

But the question is how to persist this massive volume of data for processing? The answer is, storing the data in a distributed multi-node cluster environment, where it can be scaled linearly on demand. The former statement is made physically achievable by Hadoop distributed file system (HDFS). Using HDFS we can store data in a distributed manner (multi-node cluster where the number of nodes can be increased in the cluster linearly as data grows). Using Hive and HBase we can organize the HDFS data and make it more meaningful as the data become queryable. The next hurdle in the path of accelerating the movement towards growth,  is to govern the data and security implication on this huge volume of persisted data.

In a single statement, data governance can be defined as the consolidation of managing data access, accountability and security. By default, HDFS does not provide any strong security mechanism to achieve complete governance but with the additional combination to the following approach, we can proceed towards it.

Data Governance & Security Mechanism in Distributed Data Storage System

  • Integration with LDAP – To secure read/write operation on the persisted data, appropriate authorization with proper authentication is mandatory. Authentication can be achieved in HDFS by integration with LDAP server across all the nodes. LDAP is often used as a central repository for user information and as an authentication service. Organization/Company who has ingested huge data into Hadoop for analysis can define the security policy to avoid data theft, leak, misuse and ensure the right access to data inside HDFS directories, execute HIVE query etc. The user or team need to get authenticated via LDAP server before processing/query data from the cluster. LDAP integration with Hadoop can be done either by using OS-level configuration to read LDAP groups or explicitly configuring Hadoop to use LDAP-based group mapping.
  • Introducing Apache Knox gateway – Single access point with multi-node Hadoop clusters can be achieved by Apache Knox for all REST and HTTP interactions. The complex configuration, the client-side library can be wiped out by using Apache Knox. Besides accessing data in the cluster, we can provide security for job execution in the cluster.
  • Kerberos for authentication – Kerberos network authentication protocol provides strong authentication for the 2-tier application (client and server). Kerberos server verifies identities for every request when the client wants to access Hadoop cluster. Kerberos Database stores and controls all principles and realms. Kerberos uses secret-key cryptography to enhance strong authentication by providing user-to-server authentication. A Kerberos server, usually called Key Distribution Center (KDC) should be installed on one physical host and it’s database contains the user and service entries like user’s principal, maximum validity, maximum renewal time, password expiration, etc.

By Gautam Goswami

Author

Back to Blog

Related Posts

05Sep

Orchestrating Multi-Brokers Kafka Cluster through CLI Commands

This short article aims to highlight the list of commands to manage a running multi-broker multi-topic Kafka cluster utilizing... read more

17Jan

Japan started using Big data analysis

According to Yano research institute LTD, Tokyo Japan, Big data market could reach one trillion yen ($10 billion USD)... read more

18Jan

Data storage mechanism in Facebook

  We are all almost familiar with social media mainly Facebook where photo uploads total 300 million per day. Daily... read more

02Oct

Crafting a Multi-Node Multi-Broker Kafka Cluster- A Weekend Project

For the past couple of years, there has been a huge development in the appropriation of Apache Kafka. Kafka... read more

How Kafka Works?
02Aug

How Kafka Works?

#realtimedata streaming with #kafka is a popular and powerful approach to handle large volumes of data and facilitate communication... read more

08Jun

Why Lambda Architecture in Big Data Processing

Due to the exponential growth of digitization, the entire globe is creating minimum 2.5 Quintilian 2500000000000 Million) bytes of... read more

17Jan

Information analysis using Hadoop

After Kerala's Puttingal Devi Temple fire tragedy, we can visualize sudden data explosion in all digital media. After that... read more

17Jan

Big Data generation statistics

Facebook is collecting our data more than 500 terabytes (1000 X 500 Gigabytes) a day which includes 2.9 billion... read more

14Feb

Semi-Structured Data

Semi-structured data lies between structured and unstructured data. Data that get stored in the traditional database system or excel... read more

25Sep

Apache Flink – A 4G Data Processing Engine

Analyzing streaming data in large-scale systems is becoming a focal point day by day to take accurate business decisions... read more