When Migrating to the Cloud, Don’t Leave Your Security Policies Behind

By Tony Velcich
Oct 19, 2020

Organizations are moving more IT resources to hybrid and multi-cloud environments - accelerating automation and digital transformation. In terms of flexibility and speed, there’s simply no competing with the elasticity of the cloud – which is exactly why McAfee found that 97% of organizations already use public or private cloud services, and IDG found that 41% of enterprises are already migrating storage, archiving, backups and other file servers to the cloud.

Yet while organizations gear up to face the challenges of migration and replication of data and logic to the cloud - the migration and replication of the security policies that constrain access to that data may receive less attention - but they shouldn’t.

In the on-prem Hadoop arena, Apache Ranger and Apache Sentry were created to manage the complexity of data lake security policies. But what happens when we shift to the cloud?

Primer: What are Ranger and Sentry?

Widely adopted by organizations using the commercial distributions of Hadoop, Ranger and Sentry are two of Hadoop’s most powerful on-prem security tools.

Apache Ranger is a framework to manage data security in Hadoop deployments. It provides centralized security administration, fine-grained authorization and centralized auditing within a single cluster. Ultimately, Ranger provides comprehensive security across the entire Hadoop ecosystem, alongside a central framework for security policy administration and user access monitoring.

Apache Sentry is a system for defining and enforcing fine-grained authorization against Hadoop resources. While Hadoop offers strong security at the filesystem level, it does not provide granular support to secure user and application access to data. Sentry enforces access control to data and data privileges, offering role-based authorization that delivers precise levels of access.

What Happens to Ranger and Sentry in the Cloud?

When organizations extend into either hybrid or pure cloud deployments - they need to transition from the way they implemented security for large-scale on-prem data platforms (like Hadoop) to the new cloud environment. This means finding a way to ensure that security policies defined in platforms like Ranger and Sentry and implemented in their Hadoop environment can be applied and effective in the cloud.

And this is why WANdisco created the LiveData Ranger and LiveData Sentry plugins.

Our LiveData Sentry Plugin replicates and coordinates Apache Sentry policies across Hadoop cloud clusters to maintain common policy enforcement in each. This enables organizations to ensure consistent policy definition and enforcement across multiple clusters that share access to the same data. It also enables them to change Sentry policies in any cluster - enforcing access to cluster resources with the same authorization rights in each environment.

LiveData Ranger Plugin allows Hadoop clusters to replicate Apache Ranger policy definitions. This offers clusters a shared set of Ranger policies – but costly single points of failure, degraded performance or administrative headaches. LiveData Ranger Plugin can replicate policy definitions as they are created or modified in any cluster, maintaining ironclad consistency among environments.

The Bottom Line

Migration efforts cannot afford to ignore the challenge of transferring security policies from on-prem environments to the cloud. It is critical to reduce the cost and effort of migrating security policies – while still allowing organizations to continue to use the Ranger or Sentry platforms for enforcing on-prem security policies. WANdisco’s solutions offer the best of both worlds: security within Hadoop, and seamless security policy migration to the cloud. With WANdisco’s paradigm, there is no need to reinvent the wheel to have cloud data secured in the same way as it is on Hadoop.



About the author

Tony Velcich, SR. DIRECTOR OF PRODUCT MARKETING, WANDISCO

Tony is an accomplished product management and marketing leader with over 25 years of experience in the software industry. Tony is currently responsible for product marketing at WANdisco, helping to drive go-to-market strategy, content and activities. Tony has a strong background in data management having worked at leading database companies including Oracle, Informix and TimesTen where he led strategy for areas such as big data analytics for the telecommunications industry, sales force automation, as well as sales and customer experience analytics.

FOLLOW

SUBSCRIBE

Get notified of the latest WANdisco Blog posts and Newsletter.

Terms of Service and Privacy Policy. You also agree to receive other marketing communications from WANdisco and our subsidiaries. You can unsubscribe anytime.

Related Blog Posts

https://wandisco.com/news-events/blog/tech-trends/how-iot-will-transform-transportation

Tech & Trends

How IoT Will Transform Transportation

IoT is at the core of forces reshaping transportation: providing greater safety; making travel more...

https://wandisco.com/news-events/blog/tech-trends/3-ways-og-industry-applying-iot-cut-costs

Tech & Trends

3 Ways the Oil & Gas Industry is Applying IoT to Cut Costs

Oil and gas companies that use IoT can cut operating costs and free up cash to finance migration to...

Cookies and Privacy

We use technology on our website to collect information that helps us enhance your experience and understand what information is most useful to visitors.
By clicking “I ACCEPT,” you agree to the terms of our privacy policy.

Cookie Setting