Connect with us

Hi, what are you looking for?


Data Protection

Native Hadoop Security Tools Fall Short in Big Data Environments: Survey

While an overwhelming majority of Hadoop users agree that data security is a critical requirement, most disagree or are not sure that its native security tools provide enough protection for their sensitive data, according to a recent survey.

While an overwhelming majority of Hadoop users agree that data security is a critical requirement, most disagree or are not sure that its native security tools provide enough protection for their sensitive data, according to a recent survey.

When a small but targeted audience of 150 attendees at last month’s Strata + Hadoop World Summit in San Jose were, Calif. were asked whether data security is a critical requirement for their Hadoop data lake or hub, 86 percent said that it was.

The survey, conducted Protegrity, a provider of enterprise data security solutions, also found that 80 percent of respondents said their organizations will be spending more on Hadoop-related projects this year.

“When 89 percent of the Big Data professionals we surveyed disagree or are not sure that security tools native to Hadoop provide enough protection for their sensitive data, it demonstrates a tremendous need for increased education around Big Data security and the availability of more robust data security solutions for Hadoop,” said Protegrity CEO Suni Munshani.

In terms of usage, 80 percent of those surveyed indicated that their organizations are already using Hadoop in production environments.

“Enterprises are storing and processing data across many execution engines at a scale that has not been possible before. This in turn has made security a crucial component of enterprise Hadoop,” said Munshani. “Given how those surveyed said that production deployments and spending on Hadoop Big Data projects are increasing, responsible organizations are looking to apply enterprise-grade security to their highly sensitive data in Hadoop to meet corporate risk management standards, privacy policies and complex compliance and regulatory requirements.”

“While not surprising, these findings are alarming. They show that in the past few years enterprise technology environments have changed dramatically but the tools used to secure them haven’t adapted accordingly,” Andrew Rubin, CEO of Illumio, told SecurityWeek. “Today, 80 percent of the traffic within data centers, which include Hadoop databases, ha s little-to-no form of network security applied. There is an absolute lack of needed segmentation, encryption or visualization of any sort.”

“Since the vast bulk of breaches occur inside the data center, IT managers must turn to new approaches and invest in solutions that reduce attack surfaces, enable encryption and stay a step ahead of the most worrisome threats,” Rubin added.

Advertisement. Scroll to continue reading.

Related: Managing Security Permissions of Data Subsets in Hadoop

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...