Dataguise, provider of enterprise-wide data-centric discovery and security solutions to address data breach threats to Big Data and traditional repositories, has introduced a data-centric discovery and security solution to counter the risk of data breaches to NoSQL data stores. Based on customer demand, the first implementation will support Cassandra/Datastax NoSQL deployments, with additional agents for HBASE, Mongo, and others scheduled for 2015.
According to Dataguise, DgSecure for NoSQL is a data-centric solution that provides organisations with unique sensitive data discovery capabilities, allowing users to locate, identify and manage sensitive data in NoSQL, and then apply dynamic, high performance data protection based on user permissions. The discovery and security solution’s capabilities mitigate the risk of a NoSQL data breach by providing extensive reporting and auditing services, allowing enterprises for the first time to see who is adding, accessing, and attempting to access sensitive data.
“Sensitive data detection and dynamic protection will be vital security services for Apache Cassandra and DataStax deployments in financial services, banking, insurance, and healthcare,” said Aaron Morton, Apache Cassandra Committer, Datastax MVP for Apache Cassandra, and Co-Founder at The Last Pickle. “DgSecure for NoSQL tackles this with an innovative approach to discovery and dynamic data protection through close integration with the Cassandra Query Language API – dramatically reducing the risk of data loss through breach, while preserving the high performance, highly available distributed architecture of Cassandra. ”
DgSecure for NoSQL is the first solution of its kind to discover all sensitive data residing in or being written to NoSQL to support enterprises seeking protection of data in these environments against a breach. Using intuitive, user friendly templates, organizations can select specific sensitive elements for policy-based protection of credit cards, social security numbers, names, addresses, phone numbers, medical data, etc. Once these elements are discovered and catalogued, DgSecure for NoSQL provides fast dynamic protection of sensitive data through an intercept agent that can provide complete access to authorized users and create masked, de-identified, or encrypted values for protecting data as it is being written out to the users and applications that access data in NoSQL data stores. This dynamic protection allows enterprises to maintain close control over sensitive data access, with zero compromise and full preservation of the high speed, low latency write/read operations and high scalability/replication properties of NoSQL.
“Thousands of firms are working on big data projects, from small startups to large enterprises. New Big Data technologies enable any company to collect, manage, and analyze incredibly large data sets,” said Adrian Lane, analyst and CTO, Securosis. “As these systems become more common, the repositories are increasingly likely to contain sensitive data. Only after companies find themselves reliant on big data do they ask how to secure it.”
Unlike relational databases, which are generally not designed to cope with the scale and agility challenges that face modern applications or able to take advantage of the cheap storage and processing power available today, NoSQL addresses both concerns while offering simplicity of design, horizontal scaling, and finer control over availability. NoSQL encompasses a wide variety of database technologies that were developed in response to a rise in data stored about users, objects and products, the frequency of data access, as well as performance and processing needs. Now with the adoption of NoSQL on the rise, organisations must be able to locate and protect sensitive data in these environments for security and compliance purposes.
Business benefits of this solution include:
- Sensitive data discovery for NoSQL: This is an industry-first capability that allows administrators to detect all sensitive data (credit cards, social security numbers, names, addresses, etc.) stored in NoSQL and proactively discover all new sensitive data being written to the database.
- Sensitive data protection: Protect sensitive data access for all applications via Dataguise’s Dynamic Data Protection (DDP) for NoSQL. Sensitive data is passed in the clear for authorised users and dynamically blocked and de-identified with masking or AES format-preserving encryption for users without authorization rights to that data.
- Sensitive data audit in NoSQL: For the first time, authorised administrators can see all sensitive data requests for NoSQL in one location. This includes who is requesting sensitive data, how much, and which users were granted access.
“Due to their increasing popularity for high profile environments, most NoSQL deployments are subject to security attacks. As these platforms support enterprise production applications, the advent of data-centric security solutions will be critical to protecting the massive amounts of data being stored,” said Nik Rouda, senior analyst, Enterprise Strategy Group. “Dataguise has been a vanguard of securing Big Data for some time and the company’s NoSQL security solution moves the needle forward. Their data-centric approach balances performance and security to ensure authorized users gain access to privacy data without the unnecessary latency that has plagued other solutions.”
DgSecure for NoSQL is an enterprise-grade solution which satisfies important requirements for regulated industries, thereby enabling data privacy and compliance operations. Key aspects of the solution include policy management, sensitive data discovery, authorization management, automated deployment and management, granular reporting, cloud compatibility and a highly scalable and performant architecture.
“With DgSecure for NoSQL we are addressing two fundamental concerns in the provisioning of data-centric security for these environments – the identification of sensitive data and the locking or encrypting of data at performance levels that are acceptable for operations,” said Jeremy Stieglitz, vice president, products, Dataguise. “We have taken the core of our discovery engine and built a new discovery agent for NoSQL. Utilizing native Cassandra APIs, DgSecure reads, parses and secures all sensitive data, a combined process that takes NoSQL data protection to the next level.”