Inherently Secure Big Data Architecture

The big data security conundrum


Security and regulatory compliance is hugely important in today’s IT landscape. Internal and external threats to corporate infrastructure is increasing in frequency, and the consequences of data leaks are becoming increasingly severe.

While traditional databases and data center architectures have many established solutions for data security, big data solutions like Hadoop are newer to the marketplace and up until this point, have had much less mature security capabilities. These capabilities have most been focused on “perimeter security” and IT best practices… or discovery-based solutions that search for sensitive data assets that have already been exposed.

Big data solutions continue to gain momentum though, because of the flexibility, scalability, and advanced analytics that these technologies enable… and the growing feature parity with enterprise data warehousing systems. As adoption increases and more use cases are moved to big data solutions, more and more sensitive and/or business-critical data is being migrated. These data assets must be secured in a more fine-grained fashion.

What’s the best solution to securing data? We believe it takes a multi-layer approach including:

  • Object-level security, which requires that every individual data object be tagged with unique security metadata while it is ingested — as opposed to a tedious after-the-fact approach that requires bolt-on security measures or discovery tools that search for risky or unmasked data assets after they have penetrated your systems.
  • A combinational business-rules plus metadata-driven approach means both tags and business rules define what class or level of consumer is able to access each data object. It ensures that only the consumers with the correct permissions are able to “cross the security drawbridge” to access the right information — greatly improving security while ensuring compliance.

Stronghold – your data fortress

To meet these challenges, CSC included a major new security feature in its Big Data Platform as a Service: StrongholdTM.

Stronghold is the world’s most comprehensive security framework for big data applications and analytics. It reinforces CSC’s position as the leading global IT consulting firm for secure and compliant big data architecture and demonstrates our commitment to continued advancement in the space. Stronghold provides a centralized, open-source security platform that wraps around your entire big-data system — essentially building a “moat” or shield around your entire data lake.

To solve the issue of fine-grained data security, we embraced two major technology advancements, which we’ve bundled together into the brand Stronghold.

  • Stronghold for Data Applications – based on a highly secure NoSQL database Platform as a Service deployed successfully for the US Government to perform large scale intelligence agency and military data analytics, which was open sourced for commercial use.
  • Stronghold for Hadoop – based on the most advanced Hadoop security architecture available on the market in close collaboration with our strategic partners Cloudera and Hortonworks, leverages ideal configurations, workflows, and automation. * Cloudera (CDH) – developed for Cloudera’s Navigator, RecordService, and Apache Sentry * Hortonworks (HDP) – Apache Ranger, Apache Knox, and Apache Atlas




Together, these two Stronghold editions provide the robust security companies need to not only secure the data center infrastructure and platform perimeter, but also the data objects themselves with the ultimate proactive, fine-grained control.

Learn more

Depending on your company’s business needs, one or both of the Stronghold editions may be suitable, so work closely with your CSC account team and our big data architects to determine the appropriate security solution for you.

Let me know what you think of our approach to big data security. Contact me for a more detailed conversation.



Tim Gasper is the Global Portfolio Manager for CSC’s Big Data and Analytics offerings. He is responsible for the 

TimGasper_300x300strategy, roadmap and technology mix in offerings for the Big Data and Analytics offerings. In his additional responsibility as the product manager for CSC Big Data Platform as a Service (BDPaaS) offering, Tim has led product design and strategy for the world’s first comprehensive cloud-scale analytics platform. BDPaaS can be deployed in enterprise data centers, private or public clouds, providing programmers, analysts and data scientists the fastest means to collect, store, manage, analyze, report and visualize big and fast data.

Tim founded Keepstream, a social media analytics and curation startup, that was acquired by Infochimps in 2011. Tim has product management and product marketing experience in the technology space, and is an accomplished writer and speaker on entrepreneurship, lean startup methodology and big data.


Note: This blog was first published as “Introducing BDPaaS – Stronghold: Inherently Secure Big Data Architecture.”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: