Page 1
1 ©HortonworksInc.2011– 2016.AllRightsReserved
RoundTableDiscussion
CustomerAdvisoryBoardJune2017
Security&GovernanceSession#1:Merck,ING,Clearsense,Charter,HCSCSession#2:Discover,Universal,Expedia,Honeywell,SunLife,Geisinger,Bloomberg
Page 2
2 ©HortonworksInc.2011– 2016.AllRightsReserved
Agenda
à Security- FocusAreas&Roadmap
à Governance- FocusAreas&Roadmap
à What’sworking?Wherearethegaps?
à Top3itemstomakesecurity&governancelesspainfulforyourenterprise?
à Whatyouwouldliketoseeimprovedinthenext6-12months(wishlist)?
Page 3
3 ©HortonworksInc.2011– 2016.AllRightsReserved
Security– Ranger,Knox,&Platform
Page 4
4 ©HortonworksInc.2011– 2016.AllRightsReserved
RoadmapAtAGlance- Security
SecurityFocusinHDPHDP2.5 HDP2.6 HDP3.0&Beyond
Ranger
• Classification(tag)basedsecurity(ABAC)
• DynamicColumnMasking• RowFiltering• KMSHSMIntegration
(Safenet)• LDAPImprovements• AuditScalability• ReportsPageImprovements
• Policyscalability• EnhancedPolicyconstructs(macros)• Policyexport/import• IncrementalLDAPsync• Pluginpolicyversioninfo• Hiveshow/describecolumns
authorization• SmartSense Metrics
• SharedServicesforCloud(Multi-cluster/multi-tenantsupport)
• KMIPKMSsupport• MonitoringandDynamicBlock• ProcesslevelACLsforSpark• SupportDataPlaneandDLM
capabilities• Policy prioritization
Knox
• KnoxSSOframework• KnoxSSOforAmbari/Ranger
UIs• ComponentHAsupport
• PAMauthenticationsupport• Hadoopuser-groupmappingsupport• BasicKnoxUI(preview)• Knoxsupportforwebsockets (for
Zeppelinsupport)• KnoxsupportforSOLRRESTAPI
• ExtendKnoxSSOtoHDPWebUIs• Spark,Zeppelin,&Livysupport• KnoxClientImprovementsfor
ScriptingandDevelopment• Multi-factorauth.support• KnoxUIformanagingtopologies
PlatformSecurity
• SourceCodesecurityscans &remediation
• SourceCode&WebAppPenTesting&Certification
Current
Page 5
5 ©HortonworksInc.2011– 2016.AllRightsReserved
Governance- Atlas
Page 6
6 ©HortonworksInc.2011– 2016.AllRightsReserved
RoadmapAtAGlance- GovernanceGovernanceFocusinHDP
HDP2.5 HDP2.6 HDP3.0&Beyond
Cloud• SharedEnterpriseServicesfor
Governance(backendonly)• SharedEnterpriseServicesforGovernance
(Multi-clustersupport)
Integrations
• Storm/Kafka, Falcon,Sqoophooks
• Highavailabilitysupport• LDAPAuthentication• Classificationbased
securityforHive• RangerAuthorization
• Tag-basedpolicysupportforHDFS,Kafka,Hbase
• KnoxSSOforAtlasUI
• SupportDataPlaneandDLMcapabilities• Sparkjoblineageandmetadataextraction• NiFi support– Lineageandmetadata• Hbase,HDFShooks
Core&Consumability
• BusinessCatalog(TechPreview)
• New UserExperience• Highavailabilitysupport
• APIrevamp– Swaggerized docs!• SimplifiedBasicSearchUI• Manualentitycreation(HDFS,
Hbase,Kafka,customtypesetc.)• Performanceandscalability
improvements• SmartSense Metrics
• Columnlevellineage• TagPropagation• Annotation&Collaboration• ImprovedLineage&ImpactUI(Search/Filtering)• Export/ImportofAtlaslineageandmetadata• QueryBuilder&StreamlinedSearch• BusinessGlossary/EnterpriseCatalog
Current
Page 7
7 ©HortonworksInc.2011– 2016.AllRightsReserved
Discussion
Page 8
8 ©HortonworksInc.2011– 2016.AllRightsReserved
RoundtableQuestions
1. AreyoufamiliarwithHDP2.6Securityfeatures? Hasyourorganizationpilotedordeployedanyofthem?
2. WhatareyourexperienceswiththeHDPsecuritystack?Whatpartsofoursecuritystackdoyouuse(Kerberos,Knox,Ranger, ..)andwhatdoyouplantouseinthenearfuture?
3. Whatarechallengesyouseewithyourenterprisedatasecurity?Specificpainpointswouldbehelpful.
4. Otherfeatures/roadmapitemsthatwouldhelparoundsecuritysetupandadministration?
5. Whoaretheusersofsecurityadmincomponentsinyourorganization?WhichgroupsareresponsibleformanagingsecurityinterfacesinHadoopstack?
6. Doyouhavecloud/hybriddeploymentsyouareconsideringinyournearterm(3-6month)horizon?Whatspecificsecuritychallengesdoyouforeseewiththecloud/hybridenvironments?
7. OtherthanGDPRareyouawareofanymajorregulations/standardsthatwillinfluencesecuritywithinyourbigdataenvironmentsinthenearterm?
Security
Page 9
9 ©HortonworksInc.2011– 2016.AllRightsReserved
RoundtableQuestions
1. HowfamiliarareyouwithAtlasandHDPgovernancecapabilities?
2. Whatsystemsdoyouusecurrentlyasacatalogformetadata?
3. Doyouusedataclassification,metadatadiscoveryandmanagementanddataprofilingcurrently?Ifso,whichspecifictools?
4. Howimportantishavingabusinesscatalogortaxonomyforyourgovernancefunction?
5. IffamiliarwithAtlas,whatfeatures/roadmapitemswouldyouconsiderasbarrierstoadoptiontorolloutAtlasacrossyourenterprises?
6. Whattoolswouldyouliketoseeintegrated/certifiedwithAtlasecosystem?
7. IfyouhavedeployedAtlasalreadyinproductionorintheprocessofrollingitoutenterprisewide,whoaretheusersofAtlasandwhatskillsdotheycurrentlypossess?Arethereanyskillsgapsthatweshouldconsiderbridgingwithtoolcapabilitiesaswelookahead?
Governance
Page 10
10 ©HortonworksInc.2011– 2016.AllRightsReserved
RoundtableResponses
1. Geisinger inHDP2.6,majorityon2.5
2. Adoption:Kerberos(12/12),Ranger(10/12),Knox(4/12),resthaveplanstodeployRangerorKnoxinthenext3months.6/12arealreadyusingHDPonAWSorAzureorhaveplanstodeploythere
3. 4/12customershadAtlas
4. Challenges:1. Multi-platformdataconsolidation2. Flexibleaccesscontrol3. ProtectiononOnboarding4. Openmetadatastandardsandgovernanceprocess5. Metadatafederation6. KerberosisaHUGEpainpointstill(evenwithAmbarimanagedenvrionments)
Page 11
11 ©HortonworksInc.2011– 2016.AllRightsReserved
Readout
Page 12
12 ©HortonworksInc.2011– 2016.AllRightsReserved
Whatare3concreteitemsthatcanmakesecurity&governancelesspainfulforyourenterprise?
PainPoint Comments
Security#1:Multi-tenancy,Multi-factorAuth
Security#2:“WhatIf”modeorpolicyenforcementimpact
Security#3:SSOwithOAuthsupport
Governance#1:DataDiscovery
Governance#2:DataQualityandProfiling
Governance#3:Metadataintegrationsandopenmetadataexchange
Page 13
13 ©HortonworksInc.2011– 2016.AllRightsReserved
ThankYou!