Hortonworks snaps up and open sources Hadoop security solution

Hortonworks, a Hadoop vendor and one of the staunchest advocates of Hadoop as an open source project rather than something to be commercialized, has announced the acquisition of a security solution for Hadoop.

But rather than merely scoop up a third-party vendor's product and resell it, Hortonworks has announced a plan to contribute the security solution back to the open source community as an Apache Software Foundation project.

The acquired company, XA Secure, produces a security solution for Hadoop designed to add "data security, authorization, auditing, and overall governance" features to the product. Several existing companies, such as Sprint, have already been using XA Secure's Hadoop solution.

Hadoop has solutions in place for authentication -- determining who a user is -- but not so much authorization -- determining what a user has access to. So far, the most consistent controls are available in HDFS, the file system used within Hadoop, but not much exists outside of that in terms of an application-wide framework.

Tim Hall, VP of product management for Hortonworks, described XA Secure's approach as coming from its roots in enterprise security, which includes companies like Verisign and Oracle. "[XA Secure] approached this by recognizing the opportunity that existed to simplify the approach to central security authorization, and where it could go -- audits, compliance requirements, regulatory requirements -- and being able to deliver that back to customers in the context of Hadoop."

Hall noted that XA Secure's approach was centered around the end user experience of the security admin, making it easier to do things like dashboarding and global policies at a glance for Hadoop.

But the most striking part of the announcement is how Hortonworks plans to take XA Secure's work and redeploy it as an open source project. Not one maintained by Hortonworks itself, but rather as a project hosted by the Apache Foundation, the same organization that oversees the development of Hadoop generally.

"We fundamentally believe that working within the open community is the way to progress and propel innovation in the market," said Hall, "and that the proprietary, bolt-on approach is the wrong approach."

Existing XA Secure customers will continue to have their agreements honored, and Hortonworks also plans to distribute the existing binaries for the software until the open source project has been set up. This is set to happen sometime in the second half of the year with the creation of the Apache incubator.

Hortonworks further hopes this will encourage the creation of a general security framework for Hadoop across all of its moving parts. "We think this will be a common security umbrella, including the UI and the generalization mechanisms, so all components of the ecosystem can plug into it," said Hall.

To what degree such plugging in will happen is unclear, since any number of other solutions could arise in the interim. In a parallel announcement released yesterday, Cloudera announced it had certified a similar product, Voltage SecureData, for its own Hadoop distribution, although that product is a commercial, proprietary offering that's far less likely to become a generalized Hadoop security solution than an open source project.

Much of how Hortonworks has differentiated itself from other Hadoop vendors is through its pure open source strategy as expressed through partnerships with similarly minded companies like Red Hat. But Hortonworks has also done deals with Microsoft -- most recently, to have Hortonworks's flavor of Hadoop supported on Windows Azure -- and so isn't above being pragmatic, provided it doesn't compromise its core mission.

This story, "Hortonworks snaps up and open sources Hadoop security solution" was originally published by InfoWorld .

Join the discussion
Be the first to comment on this article. Our Commenting Policies
See more