When Migrating to the Cloud, Don’t Leave Your Security Policies Behind

By Tony Velcich, Oct 19, 2020

Organizations are moving more IT resources to hybrid and multi-cloud environments, accelerating automation and digital transformation. In terms of flexibility and speed, there’s simply no competing with the elasticity of the cloud – which is exactly why McAfee found that 97% of organizations already use public or private cloud services, and IDG found that 41% of enterprises are already migrating storage, archiving, backups and other file servers to the cloud.

Yet while organizations gear up to face the challenges of migrating and replicating data and logic to the cloud, the migration and replication of the security policies that constrain access to that data may receive less attention, and it shouldn’t.

In the on-prem Hadoop arena, Apache Ranger and Apache Sentry were created to manage the complexity of data lake security policies. But what happens when we shift to the cloud?

Primer: What are Ranger and Sentry?

Widely adopted by organizations using the commercial distributions of Hadoop, Ranger and Sentry are two of Hadoop’s most powerful on-prem security tools.

Apache Ranger is a framework to manage data security in Hadoop deployments. It provides centralized security administration, fine-grained authorization and centralized auditing within a single cluster. Ultimately, Ranger provides comprehensive security across the entire Hadoop ecosystem, alongside a central framework for security policy administration and user access monitoring.

Apache Sentry is a system for defining and enforcing fine-grained authorization against Hadoop resources. While Hadoop offers strong security at the filesystem level, it does not provide granular support to secure user and application access to data. Sentry enforces access control to data and data privileges, offering role-based authorization that delivers precise levels of access.

What Happens to Ranger and Sentry in the Cloud?

When organizations extend into either hybrid or pure cloud deployments, they need to transition from the way they implemented security for large-scale on-prem data platforms (like Hadoop) to the new cloud environment. This means finding a way to ensure that security policies defined in platforms like Ranger and Sentry and implemented in their Hadoop environment can be applied, and remain effective, in the cloud.

And this is why WANdisco created the LiveData Ranger and LiveData Sentry plugins.

Our LiveData Sentry Plugin replicates and coordinates Apache Sentry policies across Hadoop cloud clusters to maintain common policy enforcement in each. This enables organizations to ensure consistent policy definition and enforcement across multiple clusters that share access to the same data. It also enables them to change Sentry policies in any cluster, enforcing access to cluster resources with the same authorization rights in each environment.

LiveData Ranger Plugin allows Hadoop clusters to replicate Apache Ranger policy definitions. This offers clusters a shared set of Ranger policies – but without costly single points of failure, degraded performance or administrative headaches. LiveData Ranger Plugin can replicate policy definitions as they are created or modified in any cluster, maintaining ironclad consistency among environments.

The Bottom Line

Migration efforts cannot afford to ignore the challenge of transferring security policies from on-prem environments to the cloud. It is critical to reduce the cost and effort of migrating security policies – while still allowing organizations to continue to use the Ranger or Sentry platforms for enforcing on-prem security policies. WANdisco’s solutions offer the best of both worlds: security within Hadoop, and seamless security policy migration to the cloud. With WANdisco’s paradigm, there is no need to reinvent the wheel to have cloud data secured in the same way as it is on Hadoop.

About the author


Tony is an accomplished product management and marketing leader with over 25 years of experience in the software industry. Tony is currently responsible for product marketing at WANdisco, helping to drive go-to-market strategy, content and activities. Tony has a strong background in data management having worked at leading database companies including Oracle, Informix and TimesTen where he led strategy for areas such as big data analytics for the telecommunications industry, sales force automation, as well as sales and customer experience analytics.


