Financial organizations must meet strict requirements on access control, confidentiality, and privacy. Hadoop was designed for formatting large amounts of unstructured public data on commodity servers, so security was never a driver for its design or development. That is why security was initially a big barrier to Hadoop's entry into the financial sector.
In 2009, Yahoo chose Kerberos as the authentication mechanism for Hadoop, and since then, Kerberos has become the basis of Hadoop's security model. Kerberos combined with Hadoop's own file system security has taken care of this security concern within the financial sector.
This section only covers the topic at a high level. Please refer to your product's security documentation for more details.
The three main aspects of security are:
Hadoop provides authorization controls to authenticated users via the use of HDFS file permissions and service-level authorization.
HDFS uses a permissions model for files and directories, which is similar to the UNIX model.
If you are already using Active Directory for Kerberos authentication, it might make sense to use group management via your LDAP instance or Active Directory.
Since Hadoop V2.6.0, HDFS implements transparent end-to-end encryption. The data read from and written to configured directories is transparently encrypted.
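The controls described above (Kerberos authentication, service-level authorization, HDFS permissions, and transparent encryption) each depend on a configuration property, so they can be checked mechanically. The following Python script is an added example, not code from the original text or from any Hadoop distribution: it audits a Hadoop configuration for those settings. The property names are the standard Apache Hadoop ones; the sample configuration is constructed, and merging the three site files into one document is an assumption made for brevity.

```python
import xml.etree.ElementTree as ET

# Constructed sample: core-site.xml, hdfs-site.xml and hadoop-policy.xml merged
# into one document, with the values an unsecured cluster has by default.
SAMPLE_INSECURE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>simple</value></property>
  <property><name>hadoop.security.authorization</name><value>false</value></property>
  <property><name>dfs.permissions.enabled</name><value>true</value></property>
  <property><name>security.client.protocol.acl</name><value>*</value></property>
</configuration>"""

# Hadoop's built-in defaults, applied when a property is absent from the file.
DEFAULTS = {
    "hadoop.security.authentication": "simple",
    "hadoop.security.authorization": "false",
    "dfs.permissions.enabled": "true",
    "security.client.protocol.acl": "*",
}
# The key provider property was renamed between releases; accept either name.
KEY_PROVIDER_PROPS = ("hadoop.security.key.provider.path",
                      "dfs.encryption.key.provider.uri")

def load_properties(xml_text):
    """Parse Hadoop <configuration> XML into a dict layered over the defaults."""
    props = dict(DEFAULTS)
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    p = load_properties(xml_text)
    findings = []
    if p["hadoop.security.authentication"].lower() != "kerberos":
        findings.append("authentication: not kerberos, client identities are not verified")
    if p["hadoop.security.authorization"].lower() != "true":
        findings.append("authorization: service-level authorization is disabled")
    elif p["security.client.protocol.acl"] == "*":
        findings.append("authorization: client protocol ACL allows every user")
    if p["dfs.permissions.enabled"].lower() != "true":
        findings.append("authorization: HDFS permission checking is disabled")
    if not any(p.get(k) for k in KEY_PROVIDER_PROPS):
        findings.append("encryption: no key provider configured, encryption zones unavailable")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INSECURE):
        print("FINDING", finding)
```

A configured key provider only makes encryption zones possible; which directories are actually encrypted is cluster state and is not visible in these files.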