AWS Data Governance
Demystified
[Network, Security, Privacy &
Data Access Management]
AWS Big Data Demystified #4
Omid Vahdaty, Big Data Ninja
Agenda
● Disclaimer
○ I am not a network and security expert
○ This is not a security and network lecture
● Agenda….
○ All the possible considerations for my data? (access, regulation, availability etc.) == Data Governance
○ What are the architecture implications?
● My Advice:
○ Stick to high level overview
○ Remember the topic not the details.
○ ASK me questions during the lecture!
TODAY’S BIG DATA
APPLICATION STACK
PaaS and DC...
Big Data Generic Architecture | Summary
Data Collection
S3
Data Transformation
Data Modeling
Data Visualization
Before I forget: for new AWS accounts….
● Disable unused regions via IAM
● Set the limit for the instances you are using, e.g. 50 instances
● Set the limit for the instances you are not using to 0!
● Remove the access key / secret key for the root account
● Don't use the root account
● Use MFA
Data Governance…
Data Security Level
Data governance is the capability that
enables an organization to ensure that
high data quality exists throughout the
complete lifecycle of the data. The key
focus areas of data governance include
availability, usability, consistency,
data integrity and data security and
includes establishing processes to
ensure effective data management
throughout the enterprise such as
accountability for the adverse effects of
poor data quality and ensuring that the
data which an enterprise has can be
used by the entire organization.
Big Data Security: Nobody likes it… But…
AWS Regulation and more...
● https://aws.amazon.com/compliance/programs/
● PII
● GDPR
AWS Security options in general [ sorry, not covering everything… ]
● IAM: Identity management
○ IAM: Identity management
■ User, policy, roles, group, least privileges, MFA
○ Key Management Service
■ Server Side
■ Client side
○ Disable Data centers, unused instance families
○ Limit resources
○ Account segregation
○ Identity based policies!
● CloudTrail: enables governance, compliance, auditing, and risk auditing
● S3: Resource management (e.g. S3)
○ Write only, read only, no delete
○ Versioning, encryption, life cycle policy
AWS Network options in general
● VPC
○ Create a Non Default VPC
○ Private network + Bastion host + ALB
○ Public subnet vs private subnet
○ VPC Endpoints
○ NACL
○ SG
○ IG
○ VPC peering
○ Site 2 Site - it is per VPC…. choose carefully
● Direct Connect VS HTTPS
● CloudFront with geolocation protection
● https://amazon-aws-big-data-demystified.ninja/2018/06/27/aws-enterprise-grade-networking-security-what-are-your-options-to-protect-your-bigdata/
AWS Direct Connect
VPC peering
S3 Endpoint Example
VPN Example
How to Define VPC with private and public subnet
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html
VPC private subnet + Virtual Private Gateway
● https://amazon-aws-big-data-demystified.ninja/2018/06/27/aws-enterprise-grade-networking-security-what-are-your-options-to-protect-your-bigdata/
● http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html
● https://docs.openvpn.net/how-to-tutorialsguides/administration/extending-vpn-connectivity-to-amazon-aws-vpc-using-aws-
Data Governance…
Storage Level
S3 coolest options on AWS
● All of your data is replicated on multi AZ!
● Life Cycle policy
● Versioning
● Cross region replication
● Undeletable bucket - No delete policy
● MFA on delete Action - with time interval of 1 min or per action.
● Deny unencrypted data write.
● Analytics
General Security Concepts
| Good to know!
● protecting data while
○ in-transit (as it travels to and from Amazon S3), 2 ways:
■ by using SSL
○ at rest (while it is stored on disks in Amazon S3 data centers), 2 ways:
■ Server Side encryption. (SSE)
■ client-side encryption.
○ In use:
■ Hashing…. (dictionary attack?)
■ Hashing with key
■ Any Encryption
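The difference between the two hashing bullets above, as an added example that is not part of the original slides: unkeyed SHA-256 pseudonyms are re-identified by hashing a public list of candidate identifiers, while HMAC-SHA256 pseudonyms are not unless the key is exposed as well. The e-mail addresses, the function names and the choice of HMAC-SHA256 for "hashing with key" are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: identifiers behind an "anonymous" data set and a
# public third-party list that can serve as a dictionary.
RAW_USER_IDS = ["alice@example.com", "bob@example.com", "carol@example.com"]
PUBLIC_DIRECTORY = ["bob@example.com", "dave@example.com", "alice@example.com"]


def _normalize(user_id: str) -> bytes:
    """Canonical form, so the same user always maps to the same pseudonym."""
    return user_id.strip().lower().encode("utf-8")


def plain_hash(user_id: str) -> str:
    """Unkeyed SHA-256: anyone can recompute it for a guessed identifier."""
    return hashlib.sha256(_normalize(user_id)).hexdigest()


def keyed_hash(user_id: str, key: bytes) -> str:
    """HMAC-SHA256: recomputing a pseudonym requires the secret key."""
    return hmac.new(key, _normalize(user_id), hashlib.sha256).hexdigest()


def reidentified(pseudonyms, candidates, hash_fn):
    """Identifiers from `candidates` whose hash under hash_fn appears among
    the pseudonyms, i.e. the rows a dictionary lookup de-anonymizes."""
    table = {hash_fn(c): c for c in candidates}
    return sorted(table[p] for p in pseudonyms if p in table)


def run_demo():
    key = secrets.token_bytes(32)        # assumption: held only where hashing happens
    wrong_key = secrets.token_bytes(32)  # stands in for any guess at the key

    plain = [plain_hash(u) for u in RAW_USER_IDS]
    keyed = [keyed_hash(u, key) for u in RAW_USER_IDS]

    return {
        # Unkeyed hashes: every user who is also in the public list is exposed.
        "plain": reidentified(plain, PUBLIC_DIRECTORY, plain_hash),
        # Keyed hashes, key unknown: neither unkeyed nor wrongly keyed guesses match.
        "keyed_no_key": reidentified(keyed, PUBLIC_DIRECTORY, plain_hash)
        + reidentified(keyed, PUBLIC_DIRECTORY, lambda c: keyed_hash(c, wrong_key)),
        # Keyed hashes, key readable by the same admin: protection is gone.
        "keyed_with_key": reidentified(keyed, PUBLIC_DIRECTORY, lambda c: keyed_hash(c, key)),
        # Same key gives the same pseudonym, so data sets can still be joined.
        "joinable": keyed == [keyed_hash(u, key) for u in RAW_USER_IDS],
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

The `keyed_with_key` result is why the key has to live somewhere the consumers of the hashed data cannot read it.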
Blog: S3 security options in detail
https://amazon-aws-big-data-demystified.ninja/2018/06/27/aws-s3-security-introduction-and-access-management/
● Detailed Encryption options in AWS
● Resource based policy VS Identity based policy
Server Side Encryption (SSE) summary
● Server-Side Encryption with Customer-Provided Keys (SSE-C)
■ You manage the encryption keys and Amazon S3 manages the encryption, as it writes to
disks, and decryption, when you access your objects
● S3-Managed Keys (SSE-S3)
● AWS KMS-Managed Keys (SSE-KMS)
Additional AWS S3 safeguards
1. VPN (site to site)
2. IP ACL
3. Identity based policy (who? Me? S3 read only?)
4. Resource based policy: e.g. deny delete requests/encrypted objects
5. https://amazon-aws-big-data-demystified.ninja/2018/06/27/aws-s3-security-introduction-and-access-management/
Basic S3 Security Diagram
Destination: AWS S3
Source: Datacenter (secured)
Data in Transit: Client side encryption, HTTPS / SSL, VPN
Data at Rest (Server/Client side encryption)
Identity based policy: only myUser, access only to s3, write only
Resource based policy: denyUnencrypted, Deny Delete, Deny Policy Change
Accept only from DC IP
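One way to express the resource based rules from the diagram (deny unencrypted writes, deny delete, deny policy change, accept only from the data center IP) as an S3 bucket policy, together with a check that an existing policy contains them. This is an added example, not taken from the slides; the bucket name, CIDR range, account ID, statement IDs and helper names are placeholders, and putting the IP rule in the bucket policy is one interpretation of "Accept only from DC IP".

```python
import json

BUCKET = "example-raw-data-bucket"   # placeholder bucket name (assumption)
DC_CIDR = "203.0.113.0/24"           # placeholder data-center range (documentation block)
SSE_KEY = "s3:x-amz-server-side-encryption"
REQUIRED = ("deny_unencrypted_put", "deny_delete",
            "deny_policy_change", "source_ip_restricted")


def build_policy(bucket: str, dc_cidr: str) -> dict:
    """Bucket policy carrying the four Deny rules named in the diagram."""
    bkt, obj = f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"

    def deny(sid, action, resource, condition=None):
        stmt = {"Sid": sid, "Effect": "Deny", "Principal": "*",
                "Action": action, "Resource": resource}
        if condition:
            stmt["Condition"] = condition
        return stmt

    return {"Version": "2012-10-17", "Statement": [
        # Reject uploads that do not request server-side encryption.
        deny("DenyUnencryptedPut", "s3:PutObject", obj, {"Null": {SSE_KEY: "true"}}),
        # No principal may delete objects or object versions.
        deny("DenyDelete", ["s3:DeleteObject", "s3:DeleteObjectVersion"], obj),
        # Locks the policy for every principal: plan a recovery path first.
        deny("DenyPolicyChange", ["s3:PutBucketPolicy", "s3:DeleteBucketPolicy"], bkt),
        # aws:SourceIp covers the public endpoint; traffic through a VPC
        # endpoint has to be matched with aws:SourceVpce instead.
        deny("DenyOutsideDataCenter", "s3:*", [bkt, obj],
             {"NotIpAddress": {"aws:SourceIp": dc_cidr}}),
    ]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_keys(stmt, operator=None):
    """Lower-cased condition keys of a statement, optionally for one operator."""
    cond = stmt.get("Condition", {})
    blocks = [cond.get(operator, {})] if operator else cond.values()
    return {key.lower() for block in blocks for key in block}


def missing_safeguards(policy: dict) -> list:
    """Names from REQUIRED that no Deny-for-everyone statement provides."""
    found = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny" or stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        unconditional = not stmt.get("Condition")
        if actions & {"s3:putobject", "s3:*"} and SSE_KEY in _condition_keys(stmt):
            found.add("deny_unencrypted_put")
        if "s3:deleteobject" in actions and unconditional:
            found.add("deny_delete")
        if "s3:putbucketpolicy" in actions and unconditional:
            found.add("deny_policy_change")
        if "aws:sourceip" in _condition_keys(stmt, "NotIpAddress"):
            found.add("source_ip_restricted")
    return sorted(set(REQUIRED) - found)


# Constructed sample: a policy that grants the write and blocks delete only.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:user/myUser"},
     "Action": "s3:PutObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"},
    {"Sid": "DenyDelete", "Effect": "Deny", "Principal": "*",
     "Action": "s3:DeleteObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"},
]}

if __name__ == "__main__":
    print(json.dumps(build_policy(BUCKET, DC_CIDR), indent=2))
    print("weak policy is missing:", missing_safeguards(WEAK_POLICY))
```

The checker only looks for the presence of these statements; it does not evaluate requests the way IAM does.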
Data Governance…
Data Availability Level
Cross Region Replication
● https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html
● Versioning must be enabled
● SSL security in transit
Cross account bucket policy (resource based)
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example2.html
Cross Region & Cross account replication
https://docs.aws.amazon.com/AmazonS3/latest/dev/crr-walkthrough-2.html
Account A Account B
Use Case used by Walla for DR purposes
● Cross account & Cross region replication
○ Copy all backups and mission critical data
○ Copy all Cloud Formation templates
○ Copy all Code
Data Governance…
Big Data Security
Architecture Level
(At rest, In motion, In use)
Architecture Security Consideration
● Basically, for each component
○ At rest, in motion, in use
● Understand different Encryption options per component
○ Prefer SSE
○ Rotate your KMS key every X periods
● Restrict access via -
○ Identity based policy: Role based security per cluster/technology
○ Resource based policy
○ least privileges, avoid admin users as much as possible.
○ Manage your EC2 keys wisely
● Understand differences of
○ Direct Connect VS public internet VS VPN and their impact on your application
○ Security groups / NACL / IP Based protection
○ private subnet / public subnet on your app
● For web, consider CloudFront for geolocation protection
EMR Security
● EMR specific:
○ Security configurations
○ Kerberos
● All other web interfaces (Zeppelin, Hue, Oozie)
○ SSL
○ user/password; prefer LDAP when possible
○ Shiro: use role based access.
● EMR Role → restrict access to S3 buckets
● Identity level - least privileges
● Application level (e.g. Hive: user level, table level, row level, column level, Kerberos etc.)
Data governance…
Privacy in a nutshell: PII
Personally Identifiable Information
PII Privacy challenges in a nutshell
● Problem
○ Assume the attacker has Admin permissions
○ According to lawyers - there is no such thing as an anonymous DB →
■ Your anonymous DB
■ Public 3rd party personally identifiable information DB
■ Joined together… implies your DB is not anonymous.
● Solution
○ Obfuscate & aggregate your data wherever possible to avoid a scenario where an anonymous user can be reverse engineered based on the data (location history, habits + timestamp etc.)
○ Keep only the RAW data you need.
Data governance…
Usability,
& Fine Grained Access Control
Example AWS Architecture in one account (nothing special)
[Diagram: Region EU-WEST-1 with VPC Prod1 and VPC stg; Region US-EAST-1 with VPC Prod2 and VPC stg; peering; S3 endpoint; s3]
Account Segregations Motivation
● Fine grained access control.
● Fine grained billing control.
● Limit your Blast radius -
○ What happens if your account is hacked?
○ What happens if one account out of 10 of your accounts is hacked?
Simple access control in one VPC
● Data engineering: EMR Cluster (transformation), RW access to all buckets except modeling
● Data scientist: EMR Cluster (modeling), no access to RAW data, read only access to transformation, and RW to modeling
● Buckets: S3 raw buckets, S3 transformation buckets, S3 modeling buckets
● Data source - write only
● Access labels in the diagram: Read Only, Full Control, write only
Simple Account segregation for Business units example [common use case]
● Users account1: Login only
● Business unit 1 account1
● Business unit 2 account3
● DR account4
● Assume role: Admin, BI team, PreSale
Pre sale and BI may have access to both business units, or just to one business unit. Admin has access to everything as usual.
Account segregations per geolocation [data must not leave country use case]
● Users account: Login only
● US-east-1 - N. Virginia
● EU-west-2 - London
● DR account
● Assume role: Admin, London, NewYork
Fine grained access control via Account segregations [my use case]
● Users account: Login only
● Inbound Data Transformation Account per data source (RAW data, cleansing, encryption)
● Data Modeling and obfuscation on transformed data (big data)
● Outbound Data Transformation Account per data source (aggregated data, obfuscated data, re-encryption)
● DR account
● Assume role: DevOps, Data Science, Data Engineer, Prod
Fine Grained Data Governance Flow via Account segregations
● Raw data1 account1
● Raw data2 account2
● Inbound Data transformation per account per data source if needed.
● Modeling & obfuscation account
● Outbound Data transformation account
● Visualize / Prod account
● READ / WRITE Encrypted PII DATA + user
● Hashed data DATA (hashed user id, hashed data, non PII data)
● Obfuscated data, data modeling, hashed users, non PII
Big Data Generic Architecture | one account
Data Collection
S3
Data Transformation
Data Modeling
Data Visualization
Big Data Generic Architecture | acc. seg.
Data ingestion & RAW Data
Data Transformation
Data Modeling & obfuscation
Data Visualization
Summary and take-away messages
● Design your network from the ground up, always keep your big data in mind
○ Data access, latency, Data encryption in motion, Performance impact
○ Avoid public IP’s when possible. If possible Use Direct Connect / VPN
● Design your data access layers carefully per your organization needs.
○ RAW data + encryption @rest & @motion
○ Keep DR on data level in mind. [separate accounts + separate region!]
○ Transformation + hashing level [inbound/outbound]
○ Modeling + obfuscation level
● Architecture impact
○ Security [at rest, in motion, in use] for each component
○ Identity based policy
○ Resource based policy
○ Account segregations, to avoid blast radius
Stay in touch...
● Omid Vahdaty
● +972-54-2384178
● https://amazon-aws-big-data-demystified.ninja/
● Join our meetup, FB group and youtube channel
○ https://www.meetup.com/AWS-Big-Data-Demystified/
○ https://www.facebook.com/groups/amazon.aws.big.data.demystified/
○ https://www.youtube.com/channel/UCzeGqhZIWU-hIDczWa8GtgQ?view_as=subscriber
Introduction to aws dynamo db
Omid Vahdaty
 
Hive vs. Impala
Hive vs. ImpalaHive vs. Impala
Hive vs. Impala
Omid Vahdaty
 
Introduction to NoSql
Introduction to NoSqlIntroduction to NoSql
Introduction to NoSql
Omid Vahdaty
 
Data Pipline Observability meetup
Data Pipline Observability meetup Data Pipline Observability meetup
Data Pipline Observability meetup
Omid Vahdaty
 
Couchbase Data Platform | Big Data Demystified
Couchbase Data Platform | Big Data DemystifiedCouchbase Data Platform | Big Data Demystified
Couchbase Data Platform | Big Data Demystified
Omid Vahdaty
 
Machine Learning Essentials Demystified part2 | Big Data Demystified
Machine Learning Essentials Demystified part2 | Big Data DemystifiedMachine Learning Essentials Demystified part2 | Big Data Demystified
Machine Learning Essentials Demystified part2 | Big Data Demystified
Omid Vahdaty
 
Machine Learning Essentials Demystified part1 | Big Data Demystified
Machine Learning Essentials Demystified part1 | Big Data DemystifiedMachine Learning Essentials Demystified part1 | Big Data Demystified
Machine Learning Essentials Demystified part1 | Big Data Demystified
Omid Vahdaty
 
The technology of fake news between a new front and a new frontier | Big Dat...
The technology of fake news  between a new front and a new frontier | Big Dat...The technology of fake news  between a new front and a new frontier | Big Dat...
The technology of fake news between a new front and a new frontier | Big Dat...
Omid Vahdaty
 
Making your analytics talk business | Big Data Demystified
Making your analytics talk business | Big Data DemystifiedMaking your analytics talk business | Big Data Demystified
Making your analytics talk business | Big Data Demystified
Omid Vahdaty
 
BI STRATEGY FROM A BIRD'S EYE VIEW (How to become a trusted advisor) | Omri H...
BI STRATEGY FROM A BIRD'S EYE VIEW (How to become a trusted advisor) | Omri H...BI STRATEGY FROM A BIRD'S EYE VIEW (How to become a trusted advisor) | Omri H...
BI STRATEGY FROM A BIRD'S EYE VIEW (How to become a trusted advisor) | Omri H...
Omid Vahdaty
 
AI and Big Data in Health Sector Opportunities and challenges | Big Data Demy...
AI and Big Data in Health Sector Opportunities and challenges | Big Data Demy...AI and Big Data in Health Sector Opportunities and challenges | Big Data Demy...
AI and Big Data in Health Sector Opportunities and challenges | Big Data Demy...
Omid Vahdaty
 
Aerospike meetup july 2019 | Big Data Demystified
Aerospike meetup july 2019 | Big Data DemystifiedAerospike meetup july 2019 | Big Data Demystified
Aerospike meetup july 2019 | Big Data Demystified
Omid Vahdaty
 
ALIGNING YOUR BI OPERATIONS WITH YOUR CUSTOMERS' UNSPOKEN NEEDS, by Eyal Stei...
ALIGNING YOUR BI OPERATIONS WITH YOUR CUSTOMERS' UNSPOKEN NEEDS, by Eyal Stei...ALIGNING YOUR BI OPERATIONS WITH YOUR CUSTOMERS' UNSPOKEN NEEDS, by Eyal Stei...
ALIGNING YOUR BI OPERATIONS WITH YOUR CUSTOMERS' UNSPOKEN NEEDS, by Eyal Stei...
Omid Vahdaty
 
AWS Big Data Demystified #3 | Zeppelin + spark sql, jdbc + thrift, ganglia, r...
AWS Big Data Demystified #3 | Zeppelin + spark sql, jdbc + thrift, ganglia, r...AWS Big Data Demystified #3 | Zeppelin + spark sql, jdbc + thrift, ganglia, r...
AWS Big Data Demystified #3 | Zeppelin + spark sql, jdbc + thrift, ganglia, r...
Omid Vahdaty
 
AWS Big Data Demystified #2 | Athena, Spectrum, Emr, Hive
AWS Big Data Demystified #2 |  Athena, Spectrum, Emr, Hive AWS Big Data Demystified #2 |  Athena, Spectrum, Emr, Hive
AWS Big Data Demystified #2 | Athena, Spectrum, Emr, Hive
Omid Vahdaty
 
Emr spark tuning demystified
Emr spark tuning demystifiedEmr spark tuning demystified
Emr spark tuning demystified
Omid Vahdaty
 
Emr zeppelin & Livy demystified
Emr zeppelin & Livy demystifiedEmr zeppelin & Livy demystified
Emr zeppelin & Livy demystified
Omid Vahdaty
 
Zeppelin and spark sql demystified
Zeppelin and spark sql demystifiedZeppelin and spark sql demystified
Zeppelin and spark sql demystified
Omid Vahdaty
 
Introduction to streaming and messaging flume,kafka,SQS,kinesis
Introduction to streaming and messaging  flume,kafka,SQS,kinesis Introduction to streaming and messaging  flume,kafka,SQS,kinesis
Introduction to streaming and messaging flume,kafka,SQS,kinesis
Omid Vahdaty
 
Introduction to aws dynamo db
Introduction to aws dynamo dbIntroduction to aws dynamo db
Introduction to aws dynamo db
Omid Vahdaty
 
Introduction to NoSql
Introduction to NoSqlIntroduction to NoSql
Introduction to NoSql
Omid Vahdaty
 
Ad

Recently uploaded (20)

Oil-gas_Unconventional oil and gass_reseviours.pdf
Oil-gas_Unconventional oil and gass_reseviours.pdfOil-gas_Unconventional oil and gass_reseviours.pdf
Oil-gas_Unconventional oil and gass_reseviours.pdf
M7md3li2
 
DT REPORT by Tech titan GROUP to introduce the subject design Thinking
DT REPORT by Tech titan GROUP to introduce the subject design ThinkingDT REPORT by Tech titan GROUP to introduce the subject design Thinking
DT REPORT by Tech titan GROUP to introduce the subject design Thinking
DhruvChotaliya2
 
five-year-soluhhhhhhhhhhhhhhhhhtions.pdf
five-year-soluhhhhhhhhhhhhhhhhhtions.pdffive-year-soluhhhhhhhhhhhhhhhhhtions.pdf
five-year-soluhhhhhhhhhhhhhhhhhtions.pdf
AdityaSharma944496
 
DSP and MV the Color image processing.ppt
DSP and MV the  Color image processing.pptDSP and MV the  Color image processing.ppt
DSP and MV the Color image processing.ppt
HafizAhamed8
 
introduction to machine learining for beginers
introduction to machine learining for beginersintroduction to machine learining for beginers
introduction to machine learining for beginers
JoydebSheet
 
15th International Conference on Computer Science, Engineering and Applicatio...
15th International Conference on Computer Science, Engineering and Applicatio...15th International Conference on Computer Science, Engineering and Applicatio...
15th International Conference on Computer Science, Engineering and Applicatio...
IJCSES Journal
 
Reagent dosing (Bredel) presentation.pptx
Reagent dosing (Bredel) presentation.pptxReagent dosing (Bredel) presentation.pptx
Reagent dosing (Bredel) presentation.pptx
AlejandroOdio
 
Degree_of_Automation.pdf for Instrumentation and industrial specialist
Degree_of_Automation.pdf for  Instrumentation  and industrial specialistDegree_of_Automation.pdf for  Instrumentation  and industrial specialist
Degree_of_Automation.pdf for Instrumentation and industrial specialist
shreyabhosale19
 
Artificial Intelligence (AI) basics.pptx
Artificial Intelligence (AI) basics.pptxArtificial Intelligence (AI) basics.pptx
Artificial Intelligence (AI) basics.pptx
aditichinar
 
Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptx
Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptxExplainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptx
Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptx
MahaveerVPandit
 
Fort night presentation new0903 pdf.pdf.
Fort night presentation new0903 pdf.pdf.Fort night presentation new0903 pdf.pdf.
Fort night presentation new0903 pdf.pdf.
anuragmk56
 
Machine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptxMachine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptx
rajeswari89780
 
Metal alkyne complexes.pptx in chemistry
Metal alkyne complexes.pptx in chemistryMetal alkyne complexes.pptx in chemistry
Metal alkyne complexes.pptx in chemistry
mee23nu
 
π0.5: a Vision-Language-Action Model with Open-World Generalization
π0.5: a Vision-Language-Action Model with Open-World Generalizationπ0.5: a Vision-Language-Action Model with Open-World Generalization
π0.5: a Vision-Language-Action Model with Open-World Generalization
NABLAS株式会社
 
Compiler Design Unit1 PPT Phases of Compiler.pptx
Compiler Design Unit1 PPT Phases of Compiler.pptxCompiler Design Unit1 PPT Phases of Compiler.pptx
Compiler Design Unit1 PPT Phases of Compiler.pptx
RushaliDeshmukh2
 
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdfMAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
ssuser562df4
 
Value Stream Mapping Worskshops for Intelligent Continuous Security
Value Stream Mapping Worskshops for Intelligent Continuous SecurityValue Stream Mapping Worskshops for Intelligent Continuous Security
Value Stream Mapping Worskshops for Intelligent Continuous Security
Marc Hornbeek
 
Smart_Storage_Systems_Production_Engineering.pptx
Smart_Storage_Systems_Production_Engineering.pptxSmart_Storage_Systems_Production_Engineering.pptx
Smart_Storage_Systems_Production_Engineering.pptx
rushikeshnavghare94
 
Development of MLR, ANN and ANFIS Models for Estimation of PCUs at Different ...
Development of MLR, ANN and ANFIS Models for Estimation of PCUs at Different ...Development of MLR, ANN and ANFIS Models for Estimation of PCUs at Different ...
Development of MLR, ANN and ANFIS Models for Estimation of PCUs at Different ...
Journal of Soft Computing in Civil Engineering
 
Data Structures_Searching and Sorting.pptx
Data Structures_Searching and Sorting.pptxData Structures_Searching and Sorting.pptx
Data Structures_Searching and Sorting.pptx
RushaliDeshmukh2
 
Oil-gas_Unconventional oil and gass_reseviours.pdf
Oil-gas_Unconventional oil and gass_reseviours.pdfOil-gas_Unconventional oil and gass_reseviours.pdf
Oil-gas_Unconventional oil and gass_reseviours.pdf
M7md3li2
 
DT REPORT by Tech titan GROUP to introduce the subject design Thinking
DT REPORT by Tech titan GROUP to introduce the subject design ThinkingDT REPORT by Tech titan GROUP to introduce the subject design Thinking
DT REPORT by Tech titan GROUP to introduce the subject design Thinking
DhruvChotaliya2
 
five-year-soluhhhhhhhhhhhhhhhhhtions.pdf
five-year-soluhhhhhhhhhhhhhhhhhtions.pdffive-year-soluhhhhhhhhhhhhhhhhhtions.pdf
five-year-soluhhhhhhhhhhhhhhhhhtions.pdf
AdityaSharma944496
 
DSP and MV the Color image processing.ppt
DSP and MV the  Color image processing.pptDSP and MV the  Color image processing.ppt
DSP and MV the Color image processing.ppt
HafizAhamed8
 
introduction to machine learining for beginers
introduction to machine learining for beginersintroduction to machine learining for beginers
introduction to machine learining for beginers
JoydebSheet
 
15th International Conference on Computer Science, Engineering and Applicatio...
15th International Conference on Computer Science, Engineering and Applicatio...15th International Conference on Computer Science, Engineering and Applicatio...
15th International Conference on Computer Science, Engineering and Applicatio...
IJCSES Journal
 
Reagent dosing (Bredel) presentation.pptx
Reagent dosing (Bredel) presentation.pptxReagent dosing (Bredel) presentation.pptx
Reagent dosing (Bredel) presentation.pptx
AlejandroOdio
 
Degree_of_Automation.pdf for Instrumentation and industrial specialist
Degree_of_Automation.pdf for  Instrumentation  and industrial specialistDegree_of_Automation.pdf for  Instrumentation  and industrial specialist
Degree_of_Automation.pdf for Instrumentation and industrial specialist
shreyabhosale19
 
Artificial Intelligence (AI) basics.pptx
Artificial Intelligence (AI) basics.pptxArtificial Intelligence (AI) basics.pptx
Artificial Intelligence (AI) basics.pptx
aditichinar
 
Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptx
Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptxExplainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptx
Explainable-Artificial-Intelligence-XAI-A-Deep-Dive (1).pptx
MahaveerVPandit
 
Fort night presentation new0903 pdf.pdf.
Fort night presentation new0903 pdf.pdf.Fort night presentation new0903 pdf.pdf.
Fort night presentation new0903 pdf.pdf.
anuragmk56
 
Machine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptxMachine learning project on employee attrition detection using (2).pptx
Machine learning project on employee attrition detection using (2).pptx
rajeswari89780
 
Metal alkyne complexes.pptx in chemistry
Metal alkyne complexes.pptx in chemistryMetal alkyne complexes.pptx in chemistry
Metal alkyne complexes.pptx in chemistry
mee23nu
 
π0.5: a Vision-Language-Action Model with Open-World Generalization
π0.5: a Vision-Language-Action Model with Open-World Generalizationπ0.5: a Vision-Language-Action Model with Open-World Generalization
π0.5: a Vision-Language-Action Model with Open-World Generalization
NABLAS株式会社
 
Compiler Design Unit1 PPT Phases of Compiler.pptx
Compiler Design Unit1 PPT Phases of Compiler.pptxCompiler Design Unit1 PPT Phases of Compiler.pptx
Compiler Design Unit1 PPT Phases of Compiler.pptx
RushaliDeshmukh2
 
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdfMAQUINARIA MINAS CEMA 6th Edition (1).pdf
MAQUINARIA MINAS CEMA 6th Edition (1).pdf
ssuser562df4
 
Value Stream Mapping Worskshops for Intelligent Continuous Security
Value Stream Mapping Worskshops for Intelligent Continuous SecurityValue Stream Mapping Worskshops for Intelligent Continuous Security
Value Stream Mapping Worskshops for Intelligent Continuous Security
Marc Hornbeek
 
Smart_Storage_Systems_Production_Engineering.pptx
Smart_Storage_Systems_Production_Engineering.pptxSmart_Storage_Systems_Production_Engineering.pptx
Smart_Storage_Systems_Production_Engineering.pptx
rushikeshnavghare94
 
Data Structures_Searching and Sorting.pptx
Data Structures_Searching and Sorting.pptxData Structures_Searching and Sorting.pptx
Data Structures_Searching and Sorting.pptx
RushaliDeshmukh2
 

AWS Big Data Demystified #4 data governance demystified [security, network and data access management]

  • 1. AWS Data Governance Demystified [Network, Security,Privacy & Data Access Management] AWS Big Data Demystified #4 Omid Vahdaty, Big Data Ninja
  • 2. Agenda ● Disclaimer ○ I am not a network and security expert ○ This is not a security and network lecture ● Agenda…. ○ All the possible consideration for my data? (access,regulation, availability etc) == Data Governance ○ What are the architecture implications? ● My Advice: ○ Stick to high level overview ○ Remember the topic not the details. ○ ASK me questions during the lecture!
  • 3. TODAY’S BIG DATA APPLICATION STACK PaaS and DC...
  • 4. Big Data Generic Architecture | Summary Data Collection S3 Data Transformation Data Modeling Data Visualization
  • 5. Before I forget: for new AWS accounts…. ● Disable unused regions via IAM ● Set the limit for the instances you are using, e.g. 50 instances ● Set the limit for the instances you are not using to 0! ● Remove the access key / secret key for the root account ● Don't use the root account ● Use MFA
  • 6. Data Governance… Data Security Level Data governance is the capability that enables an organization to ensure that high data quality exists throughout the complete lifecycle of the data. The key focus areas of data governance include availability, usability, consistency, data integrity and data security and includes establishing processes to ensure effective data management throughout the enterprise such as accountability for the adverse effects of poor data quality and ensuring that the data which an enterprise has can be used by the entire organization.
  • 7. Big Data Security: Nobody likes it… But…
  • 8. AWS Regulation and more... ● https://aws.amazon.com/compliance/programs/ ● PII ● GDPR
  • 9. AWS Security options in general [ sorry, not covering everything… ] ● IAM: Identity management ○ Users, policies, roles, groups, least privileges, MFA ○ Key Management Service ■ Server side ■ Client side ○ Disable data centers, unused instance families ○ Limit resources ○ Account segregation ○ Identity based policies! ● CloudTrail: enables governance, compliance, auditing, and risk auditing ● S3: Resource management (e.g. S3) ○ Write only, read only, no delete ○ Versioning, encryption, life cycle policy
  • 10. AWS Network options in general ● VPC ○ Create a Non Default VPC ○ Private network + Bastion host + ALB ○ Public subnet vs private subnet ○ VPC Endpoints ○ NACL ○ SG ○ IG ○ VPC peering ○ Site 2 Site - it is per VPC…. choose carefully ● Direct Connect VS HTTPS ● CloudFront with GEOlocation protection ● https://amazon-aws-big-data-demystified.ninja/2018/06/27/aws-enterprise-grade-networking-security-what-are-your-options-to-protect-your-bigdata/
  • 15. How to Define VPC with private and public subnet http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html
  • 16. VPC private subnet + Virtual Private Gateway ● https://amazon-aws-big-data-demystified.ninja/2018/06/27/aws-enterprise-grade-networking-security-what-are-your-options-to-protect-your-bigdata/ ● http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html ● https://docs.openvpn.net/how-to-tutorialsguides/administration/extending-vpn-connectivity-to-amazon-aws-vpc-using-aws-
  • 17. Data Governance… Storage Level
  • 18. S3 coolest options on AWS ● All of your data is replicated on multi AZ! ● Life Cycle policy ● Versioning ● Cross region replication ● Undeletable bucket - No delete policy ● MFA on delete Action - with time interval of 1 min or per action. ● Deny unencrypted data write. ● Analytics
  • 19. General Security Concepts | Good to know! ● Protecting data while ○ in transit (as it travels to and from Amazon S3), 2 ways: ■ by using SSL ○ at rest (while it is stored on disks in Amazon S3 data centers), 2 ways: ■ Server-side encryption (SSE) ■ Client-side encryption ○ in use: ■ Hashing…. (dictionary attack?) ■ Hashing with key ■ Any encryption
  • 20. Blog: S3 security options in detail https://amazon-aws-big-data-demystified.ninja/2018/06/27/aws-s3-security-introduction-and-access-management/ ● Detailed Encryption options in AWS ● Resource based policy VS Identity based policy
  • 21. Server Side Encryption (SSE) summary ● Server-Side Encryption with Customer-Provided Keys (SSE-C) ■ You manage the encryption keys and Amazon S3 manages the encryption, as it writes to disks, and decryption, when you access your objects ● S3-Managed Keys (SSE-S3) ● AWS KMS-Managed Keys (SSE-KMS)
  • 22. Additional AWS S3 safeguards 1. VPN (site to site) 2. IP ACL 3. Identity based policy (who? Me? S3 read only?) 4. Resource based policy: e.g. deny delete requests/encrypted objects 5. https://amazon-aws-big-data-demystified.ninja/2018/06/27/aws-s3-security-introduction-and-access-management/
  • 23. Basic S3 Security Diagram Destination AWS S3 Source Datacenter (secured) Data in Transit Client side encryption HTTPS / SSL VPN Data at Rest (Server/Client side encryption) Identity based policy:only myUser, access only to s3,write only Resource based policy: denyUnencrypted,Deny Delete,Deny Policy Change Accept only from DC IP
  • 24. Data Governance… Data Availability Level
  • 25. Cross Region Replication ● https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html ● Versioning must be enabled ● SSL security at transit
  • 26. Cross account bucket policy (resource based) http://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example2.html
  • 27. Cross Region & Cross account replication https://docs.aws.amazon.com/AmazonS3/latest/dev/crr-walkthrough-2.html Account A Account B
  • 28. Use case used by Walla for DR purposes ● Cross account & cross region replication ○ Copy all backups and mission-critical data ○ Copy all CloudFormation templates ○ Copy all code
  • 29. Data Governance… Big Data Security Architecture Level (At rest, In motion, In use)
  • 30. Architecture Security Considerations ● Basically, for each component ○ At rest, in motion, in use ● Understand the different encryption options per component ○ Prefer SSE ○ Rotate your KMS key every X periods ● Restrict access via ○ Identity based policy: role based security per cluster/technology ○ Resource based policy ○ Least privileges, avoid admin users as much as possible ○ Manage your EC2 keys wisely ● Understand the differences between ○ Direct Connect vs public internet vs VPN and their impact on your application ○ Security groups / NACL / IP based protection ○ Private subnet / public subnet on your app ● For web, consider CloudFront for geolocation protection
  • 31. EMR Security ● EMR specific: ○ Security configurations ○ Kerberos ● All other web UIs (Zeppelin, Hue, Oozie) ○ SSL ○ User/password, prefer LDAP when possible ○ Shiro: use role based access ● EMR Role → restrict access to S3 buckets ● Identity level - least privileges ● Application level (e.g. Hive: user level, table level, row level, column level, Kerberos etc.)
  • 32. Data governance… Privacy in a nutshell: PII Personal Identifiable Information
  • 33. PII Privacy challenges in a nutshell ● Problem ○ Assume the attacker has Admin permissions ○ According to lawyers - there is no such thing as an anonymous DB → ■ Your anonymous DB ■ Public 3rd party personal identifiable information DB ■ Joined together… implies your DB is not anonymous. ● Solution ○ Obfuscate & aggregate your data wherever possible to avoid a scenario where an anonymous user can be reverse engineered based on the data (location history, habits + timestamp etc.) ○ Keep only the RAW data you need.
  • 34. Data governance… Usability, & Fine Grained Access Control
  • 35. s3 Example AWS Architecture in one account (nothing special) Region EU-WEST-1 Region US-EAST-1 VPC Prod1 VPC stg VPC Prod2 VPC stg peering S3 endpoint
  • 36. Account Segregations Motivation ● Fine grained access control. ● Fine grained billing control. ● Limit your Blast radius - ○ what happens if your account is hacked? ○ What happens if one account out of 10 of your accounts is hacked?
  • 37. Simple access control in one VPC Data engineering EMR Cluster (transformation) , RW access to all buckets except modeling Data scientist EMR Cluster (modeling) , no access to RAW data, Read only access to transformation, and RW to modeling S3 raw buckets S3 transformation buckets S3 Modeling buckets Data source - write only Read Only Full Control write only
  • 38. Simple Account segregation for Business units example [common use case] Users account1 Login only Business unit 1 account1 Business unit 2 account3 DR account4 Assume role Admin Bi team PreSale Pre sale and BI may have access to both business units , or just to one business unit, Admin has access to everything as usual
  • 39. Account segregations per GEOlocation [data must not leave country use case] Users account Login only US-east-1 - N. Virginia EU-west-2 - London DR account Assume role Admin London NewYork
  • 40. Fine grained access control via Account segregations [my use case] Users account Login only Inbound Data Transformation Account per data source (RAW data, cleansing, encryption) Data Modeling and obfuscation on transformed data (big data) DR account Assume role DevOps Data Science Data Engineer Prod Outbound Data Transformation Account per data source (aggregated data, obfuscated data, re-encryption)
  • 41. Fine Grained Data Governance Flow via Account segregations Visualize / Prod account Inbound Data transformation per account per data source if needed. Modeling & obfuscation account Outbound Data transformation account Raw data1 account1 READ / WRITE Encrypted PII DATA+user Hashed data DATA (hashed user id, hashed data, non-PII data) Obfuscated data, Data modeling, hashed users, non-PII Raw data2 account2
  • 42. Big Data Generic Architecture | one account Data Collection S3 Data Transformation Data Modeling Data Visualization
  • 43. Big Data Generic Architecture | acc. seg. Data ingestion & RAW Data Data Transformation Data Modeling & obfuscation Data Visualization
  • 44. Summary and take-home messages ● Design your network from the ground up, always keep your big data in mind ○ Data access, latency, data encryption in motion, performance impact ○ Avoid public IPs when possible. If possible, use Direct Connect / VPN ● Design your data access layers carefully per your organization's needs. ○ RAW data + encryption @rest & @motion ○ Keep DR on data level in mind. [separate accounts + separate region!] ○ Transformation + hashing level [inbound/outbound] ○ Modeling + obfuscation level ● Architecture impact ○ Security [at rest, in motion, in use] for each component ○ Identity based policy ○ Resource based policy ○ Account segregations, to limit the blast radius
  • 45. Stay in touch... ● Omid Vahdaty ● +972-54-2384178 ● https://amazon-aws-big-data-demystified.ninja/ ● Join our meetup, FB group and youtube channel ○ https://www.meetup.com/AWS-Big-Data-Demystified/ ○ https://www.facebook.com/groups/amazon.aws.big.data.demystified/ ○ https://www.youtube.com/channel/UCzeGqhZIWU-hIDczWa8GtgQ?view_as=subscriber
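Slides 18, 22 and 23 list the resource based safeguards for an S3 bucket (deny unencrypted writes, deny delete, deny policy change, HTTPS only, accept only from the data-center IP). The following is an added example, not code from the deck: it builds such a bucket policy and checks any policy document for those five rules. The bucket name, CIDR range, account ID and the simplified matching logic are assumptions made for the illustration.

```python
import json

# Assumptions (not from the slides): bucket name and data-center CIDR are placeholders.
BUCKET = "example-raw-data"
DC_CIDR = "203.0.113.0/24"   # documentation range standing in for the DC's public IPs

SAFEGUARDS = ("https_only", "deny_unencrypted", "no_delete",
              "no_policy_change", "ip_restricted")


def hardened_bucket_policy(bucket=BUCKET, dc_cidr=DC_CIDR):
    """Resource based policy with the Deny rules named on slides 18, 22 and 23."""
    bkt, obj = f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"

    def deny(sid, action, resource, condition=None):
        stmt = {"Sid": sid, "Effect": "Deny", "Principal": "*",
                "Action": action, "Resource": resource}
        if condition:
            stmt["Condition"] = condition
        return stmt

    return {"Version": "2012-10-17", "Statement": [
        # In transit: refuse any request that is not made over TLS.
        deny("DenyInsecureTransport", "s3:*", [bkt, obj],
             {"Bool": {"aws:SecureTransport": "false"}}),
        # At rest: refuse uploads that do not ask for server-side encryption.
        deny("DenyUnencryptedWrites", "s3:PutObject", obj,
             {"Null": {"s3:x-amz-server-side-encryption": "true"}}),
        # "Undeletable bucket": nobody may delete objects, versions or the bucket.
        deny("DenyDelete", ["s3:DeleteObject", "s3:DeleteObjectVersion",
                            "s3:DeleteBucket"], [bkt, obj]),
        # Nobody may replace or remove this policy. A mistake here locks out
        # every IAM principal, so try it on a scratch bucket first.
        deny("DenyPolicyChange",
             ["s3:PutBucketPolicy", "s3:DeleteBucketPolicy"], bkt),
        # Accept requests only from the data-center address range.
        deny("DenyOutsideDataCenter", "s3:*", [bkt, obj],
             {"NotIpAddress": {"aws:SourceIp": dc_cidr}}),
    ]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _denies(stmt, action):
    """True if stmt is a Deny for every principal that names action, s3:* or *.
    Simplified matcher: ignores NotAction, partial wildcards and Resource scope."""
    if stmt.get("Effect") != "Deny":
        return False
    if stmt.get("Principal") not in ("*", {"AWS": "*"}):
        return False
    return any(a in (action, "s3:*", "*")
               for a in _as_list(stmt.get("Action", [])))


def enforced_safeguards(policy):
    """Return the set of safeguards that the policy's Deny statements enforce."""
    found = set()
    for stmt in _as_list(policy.get("Statement", [])):
        cond = stmt.get("Condition", {})
        if _denies(stmt, "s3:GetObject"):
            if cond.get("Bool", {}).get("aws:SecureTransport") == "false":
                found.add("https_only")
            if "aws:SourceIp" in cond.get("NotIpAddress", {}):
                found.add("ip_restricted")
        sse = cond.get("Null", {}).get("s3:x-amz-server-side-encryption")
        if _denies(stmt, "s3:PutObject") and sse == "true":
            found.add("deny_unencrypted")
        # Unconditional denies only: a conditional deny leaves a way through.
        if not cond and _denies(stmt, "s3:DeleteObject"):
            found.add("no_delete")
        if not cond and _denies(stmt, "s3:PutBucketPolicy"):
            found.add("no_policy_change")
    return found


def missing_safeguards(policy):
    enforced = enforced_safeguards(policy)
    return [s for s in SAFEGUARDS if s not in enforced]


# Constructed "before" policy: grants one user write access and denies nothing.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowWriter", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:user/myUser"},
     "Action": "s3:PutObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}

if __name__ == "__main__":
    print(json.dumps(hardened_bucket_policy(), indent=2))
    print("weak policy is missing:", missing_safeguards(WEAK_POLICY))
```

The identity based side from slide 23 (only myUser, S3 only, write only) is a separate IAM policy attached to the user; the bucket policy above is what still holds if that identity is over-privileged.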
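Slide 19 contrasts plain hashing ("dictionary attack?") with hashing with a key, and slide 33 warns that an "anonymous" DB joined with a public PII DB is no longer anonymous. The following added example (not from the deck) measures that linkage risk for both kinds of hashed user ID; the rows, identifier list and key are constructed sample values, and HMAC-SHA256 is an assumed choice of keyed hash.

```python
import hashlib
import hmac

# Constructed sample data (not from the slides).
RAW_ROWS = [
    {"user": "alice@example.com", "city": "London"},
    {"user": "bob@example.com", "city": "New York"},
    {"user": "carol@example.com", "city": "London"},
]
# A third-party list of identifiers, standing in for the public PII DB of slide 33.
PUBLIC_IDS = ["alice@example.com", "bob@example.com", "dave@example.com"]
# Assumption: in a real pipeline this key lives in KMS or a secrets store in the
# transformation account, never next to the hashed data.
PIPELINE_KEY = b"constructed-demo-key-not-a-real-secret"


def plain_hash(user_id):
    """Unkeyed SHA-256: anyone can recompute it from a guessed identifier."""
    return hashlib.sha256(user_id.encode("utf-8")).hexdigest()


def keyed_hash(user_id, key=PIPELINE_KEY):
    """HMAC-SHA256: recomputing a pseudonym requires the secret key."""
    return hmac.new(key, user_id.encode("utf-8"), hashlib.sha256).hexdigest()


def pseudonymize(rows, hash_fn):
    """Replace the user column with its pseudonym, keep the other columns."""
    return [dict(row, user=hash_fn(row["user"])) for row in rows]


def linkable(pseudo_rows, known_ids, hash_fn):
    """Return {pseudonym: identifier} for every row that a party holding
    known_ids and hash_fn could join back to a real identifier."""
    lookup = {hash_fn(i): i for i in known_ids}
    return {r["user"]: lookup[r["user"]]
            for r in pseudo_rows if r["user"] in lookup}


def linkage_report():
    plain_rows = pseudonymize(RAW_ROWS, plain_hash)
    keyed_rows = pseudonymize(RAW_ROWS, keyed_hash)
    return {
        # Outsider with only the public list: plain hashes join straight back.
        "plain_hash_outsider": len(linkable(plain_rows, PUBLIC_IDS, plain_hash)),
        # Same outsider against keyed pseudonyms: nothing matches.
        "keyed_hash_outsider": len(linkable(keyed_rows, PUBLIC_IDS, plain_hash)),
        # Whoever also holds the key can still link, so key custody matters.
        "keyed_hash_key_holder": len(linkable(keyed_rows, PUBLIC_IDS, keyed_hash)),
    }


if __name__ == "__main__":
    print(linkage_report())
```

Keyed hashing covers only the identifier column; the location history, habits and timestamps named on slide 33 still need the obfuscation and aggregation step.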