MapR Security Model
MapR offers enterprise-grade security and data governance capabilities out of the box. Features include:
- Ubiquitous Data Protection. Data can be encrypted on the wire using AES256 with GCM, a NIST-approved and NSA-level cryptographic algorithm. MapR also offers several options for encryption at rest. Lastly, we’ve taken steps to disable vulnerable versions of SSL and to enforce TLSv1.2 for web-facing components.
- Flexible Authentication. MapR stands alone among Big Data distributions in offering choice in how users authenticate. Specifically, both Kerberos and username/password-based authentication schemes are supported. MapR is registry-agnostic and can leverage whatever user registry your organization is already using.
- Robust Auditing. MapR logs administrative actions, data access, and authentication requests, and we do so in an extremely performant manner. Users can choose which actions get logged through parameters such as “coalesce interval” and the selective auditing capability.
- Granular Authorization. MapR Access Control Expressions allow for the most expressive permissions possible on Files, Tables, and Streams through the use of Boolean logic.
Big data governance necessarily requires strong support for automation and agility. By leveraging built-in, platform-level capabilities such as volumes, snapshots, and mirroring, MapR addresses a variety of big data requirements such as:
- Data integration. The standard Hadoop APIs (HDFS and HBase), the Hadoop ecosystem tools (like Sqoop and Flume), NFS, or partner tools can be used to deliver data sets from multiple sources into MapR.
- Data lineage. Outputs of data transformations can be automatically placed on separate volumes and captured with snapshots, creating a lineage history that enables auditors to trace back and verify the accuracy of the transformed data.
- Data audit trails. Point-in-time views of data sets can be captured via snapshots to track the history of data in the cluster.
- Information lifecycle management. Retention/archiving, purging, and multi-temperature data policies can be automatically defined using volumes.
- Quotas. Disk quotas can be set on a per-volume basis to ensure policy-based allocation of storage resources.
- Remote replication. Replication or "mirroring" can be scheduled to run periodically to incrementally deliver data set deltas to a remote cluster for archiving, global distribution, or disaster recovery purposes.