From the Canyon Edge -- :-Dustin

Tuesday, March 13, 2012

Gazzang the Thang: Big Data

I'm thrilled to see Gazzang's next big thang is now out of the gate...

We announced today our comprehensive, turnkey encryption platform for Big Data, Hadoop, NoSQL, and several other cloud workloads.  Our encryption technology is built on top of eCryptfs and transparently encrypts data, protecting sensitive data at rest without requiring modifications to your applications, partitioning, or filesystems.

We've tested our Gazzang Encryption Platform for Big Data against Apache Hadoop, Apache Cassandra, and MongoDB, on Ubuntu 10.04 LTS and Ubuntu 11.10, with both OpenJDK and Sun Java.

The news hit a good handful of tech news outlets today.  Enjoy!
:-Dustin

4 comments:

  1. I take the process based access control is specific to the Gazzang offering and not something that is going to be driven into the ecryptfs layer as a standard feature?

    The process based access control is key. I've never really understood the security model of the common ecryptfs usage as a systemwide mountable filesystem that had the same security afforded normal directories once mounted system wide.

    But a process based control system that limited the decrypted data stream to specific processes that makes much more sense to me as a security model.

    -jef

    ReplyDelete
  2. Hey Dustin, this is GREAT! I was following all the links, but couldn't see where to download it, am i being dumb?

    ReplyDelete
  3. Hi Jef, great question!

    The process based access control is part of the ezNcryptfs layer, which sits on top of eCryptfs. ezNcryptfs is GPLv2 (like eCryptfs), but builds an out-of-tree DKMS kernel module. And as such, it does run on Fedora, CentOS, and RHEL. I have had conversations with the upstream eCryptfs kernel maintainer, but Gazzang's approach (while technically sound) is not acceptable in the upstream kernel in its current state. It will take some rearchitecting and rewriting -- which is a goal of ours -- though it will take some time.

    Dustin

    ReplyDelete
  4. Dustin,

    I try really really hard not to beat up on technical failings for specific implementations of so I've been reluctant to realy poke at eCryptfs usage scenarios based on my understanding of the security model because of that. But I will say that without a per process based control system I have so far viewed eCryptfs as highly limited in terms of value to security because of the way it exposes mountpoints systemwide. I think the process controls fix this.


    One question, does the process based control work well with SElinux RBAC and/or MLS? If these technology integrate well together, there's probably a market outside of cloud in the government sector for Gazzang's product.

    -jef

    ReplyDelete

Please do not use blog comments for support requests! Blog comments do not scale well to this effect.

Instead, please use Launchpad for Bugs and StackExchange for Questions.
* bugs.launchpad.net
* stackexchange.com

Thanks,
:-Dustin

Printfriendly