Hadoop Security: Some Enterprises Miss Risks

[InfoSec News <alerts () infosecnews org>]

http://www.informationweek.com/big-data/news/software-platforms/240005132/hadoop-security-some-enterprises-miss-risks

By Jeff Bertolucci
InformationWeek
August 08, 2012

Hadoop has plenty of advocates, most of whom praise the open-source 
framework's speedy data processing and analytics capabilities for 
organizations that manage huge volumes of data. But many enterprises 
don't understand how to secure Hadoop, some Hadoop community members 
say.

Officials of Red Lambda, an Orlando, Florida-based tech company that 
sells MetaGrid, a large-scale Big Data analytics, automation, and 
security platform, believe that Hadoop's security weaknesses are being 
overlooked or even ignored by many enterprises that use the distributed 
computing system.

Hadoop "really isn't designed to be a secure processing environment, 
which is a little scary considering how many people are trying to use 
it," said Robert Bird, president, CTO, and co-founder of Red Lambda, in 
a phone interview with InformationWeek.

One of Hadoop's key weaknesses is that it lacks a system to ensure fair 
sharing of its resources, Bird believes. "For example, you might have an 
administrator of the system that's running tasks on an Hadoop cluster," 
said Bird. "And another user could come along, start up their own task, 
and completely wipe out the tasks of the original admin."

[...]