Diving into Platfora’s Security Features

With this post we dive into the security features built into Platfora.

First a quick refresher on the powerful Platfora workflow concepts and capabilities:  Platfora provides analysts with fast, interactive access to Big Data through visualizations and analytical tools designed to tap into all an organization’s data. It is designed to be fast, leveraging an unique in-memory method for data analysis and giving analysts access anywhere that HTML5 can be used (meaning any modern web browser). A key capability is building in-memory lenses that can scale out to terabytes of in-memory data. Platfora transforms Apache Hadoop into a subsecond-interactive, exploratory business intelligence and analytics platform. This removes key bottlenecks for organizations seeking to make use of their data holdings and is very empowering to analysts.

Now back to security:

Platfora has developed a security model that is comprehensive and complete, but still simple to understand and intuitive to configure.

Platfora’s Role-Based Access Controls (RBAC) authorize what users and administrators can do in the system, both at broad and detailed levels.

Users log into Platfora with their identity using local or industry standard enterprise Authentication, Authorization, and Accounting solutions. To simplify management of security
roles, Platfora supports User Groups and batch management of access roles and permissions.
Platfora approaches security from three separate axes:
• Data Level Security
• User-Created Object-Level Security
• System-Level Security

With this three-pronged approach, Platfora provides a simple, intuitive model for security configuration, as well as a model that provides comprehensive protection against unauthorized access to sensitive data.

Regarding data-level security, Platfora allows organizations to control data access at multiple levels.

Raw Data Sources

As data sources are defined in Platfora, administrators can determine which users have access to the raw data
exposed through the data source (or mount point). This coarse-grained permission is easy to configure and
provides blanket access to raw data.

Platfora Datasets

To give organizations more flexibility, Platfora also allows administrators to define data access permissions
around datasets derived from the data source. With this finer degree of control, administrators can segment the
data from a data source into specific datasets with controlled access.

Platfora allows administrators to define data access permissions to restrict data access to  specific fields in a dataset. Administrators can restrict access to detailed data fields, while still providing access to summary or aggregate data. For example, hiding detailed employee information, such as name and job title, yet still allowing access to salary data aggregated by gender, department or years of service. Platfora supports Kerberos for data access in the Hadoop cluster.

platforaeditdataset

User-Created Object Level Security

In addition to data-level security, users can also control security at the object level. This gives users control over their own Platfora-created objects such as Lenses and Vizboards. Platfora Object Permissions control access such as:

  • Who can see my Vizboard?
  • Who can edit my Visualizations?
  • Who can use my Lens?

platforasharingandpermissionsIn Platfora, data security is managed separately from object security.

This model provides a simple, straightforward method for managing data access.

The owner of a specific object has the flexibility to decide who can work with their objects – desirable in self-service and workgroup environments — without compromising data security.

By keeping data access control simple, and not combining it with object-level security, Platfora reduces the likelihood of security misconfiguration and user error. Security models that rely on a complex object inheritance model to control data access are much more likely to accidentally expose data to unauthorized users.

System-Level Security

Platfora allows system administrators to control who can do what in Platfora, and who is allowed to make system-wide changes. System-level security is typically managed by a small group of trusted individuals (those with the role of system administrator). Administrators can assign users one of five system roles ranging from Viewer to System Administrator.

System-Level Permissions control application-level operations, such as:

  • Who can build Lenses (the act of materializing the data from Hadoop into Platfora’s Fractal Cache™ technology)
  • Who can manage system configuration settings?
  • What is the maximum Lens size that a user can create?
  • Who can manage users and groups?

 Integration with Third Party Authentication and Authorization Systems

Platfora_LDAPLDAP / Active Directory:  Platfora supports LDAP / Active Directory integration for user authentication and group membership. By leveraging LDAP, users can log into Platfora using their familiar credentials. Organizational policies around password complexity and periodic password changes are enforced.

Kerberos: Platfora supports Kerberos authentication to Kerberos-protected Hadoop services.

 

For more information on Platfora and security see http://platfora.com

 

Sign up for your free CTOvision Pro trial today for unique insights, exclusive content and special reporting.

CTOvision Pro Special Technology Assessments

We produce special technology reviews continuously updated for CTOvision Pro members. Categories we cover include:

  • Analytical Tools - With a special focus on technologies that can make dramatic positive improvements for enterprise analysts.
  • Big Data - We cover the technologies that help organizations deal with massive quantities of data.
  • Cloud Computing - We curate information on the technologies enabling enterprise use of the cloud.
  • Communications - Advances in communications are revolutionizing how data gets moved.
  • GreenIT - A great and virtuous reason to modernize!
  • Infrastructure  - Modernizing Infrastructure can have dramatic benefits on functionality while reducing operating costs.
  • Mobile - This revolution is empowering the workforce in ways few of us ever dreamed of.
  • Security  -  There are real needs for enhancements to security systems.
  • Visualization  - Connecting computers with humans.
  • Hot Technologies - Firms we believe warrant special attention.

 

Recent Research

Request Your Invite to the 20 May 2014 Andreessen Horowitz Fed Forum in DC

Amazon Hopeful that Fire TV will Spread

What The Enterprise IT Professional Needs To Know About Git and GitHub

3D Printing… At Home?

Tech Firms Seeking To Serve Federal Missions: Here is how to follow the money

Creating The New Cyber Warrior: Eight South Carolina Universities Compete

Mobile Gamers: Fun-Seeking but Fickle

Update from DIA CTO, CIO and Chief Engineer on ICITE and Enterprise Apps

Pew Report: Increasing Technology Use among Seniors

Finding The Elusive Data Scientist In The Federal Space

DoD Public And Private Cloud Mandates: And insights from a deployed communications professional on why it matters

Intel CEO Brian Krzanich and Cloudera CSO Mike Olson on Intel and Cloudera’s Technology Collaboration

solid
About Bob Gourley

Bob Gourley is the publisher of CTOvision.com and DelphiBrief.com and the new analysis focused Analyst One Bob's background is as an all source intelligence analyst and an enterprise CTO. Find him on Twitter at @BobGourley