When Hadoop started, it had a security problem. The spin from the various Hadoop vendors and proponents tended to be something like, “We see security as a front-end application issue.”
This is what you say when you don’t have a good answer, JavaWorld reports.
Since then, solutions like Apache Knox and Cloudera Manager have provided answers for authentication and authorization for basic database management functions. The underlying Hadoop Filesystem now incorporates Unix-like permissions.
This hasn’t completely quashed the issue, largely because of the way entrepreneurs think: If you can’t come up with a new idea, then plunk the S-word after the name of a new technology and you have a “BOLD IDEA FOR A NEW STARTUP!!!!” Rummage through the dustbin of recent history and you’ll find startups devoted to SOA security, AJAX security, open source security, and so on. Now we have big data security startups — and the money will roll right in! How do you launch a security startup? Scare people, of course.
The real security problem with Hadoop in particular and big data in general isn’t with everyday access rights — that took all of 10 minutes for the vendors and open source community to solve. The big problem is that when you aggregate a lot of data, you lose context. While I doubt many people are aggregating a lot of data without any context, aggregating any data means losing some context.