Hortonworks announced Thursday that it has acquired XA Secure, a 15-month-old security startup that has been developing centralized security capabilities for the Apache Hadoop stack. The deal fits Hortonworks' stated mission to turn Hadoop into an enterprise-ready, mission-critical platform.
"The introduction of YARN last October has allowed Hadoop to move from batch processing to batch, interactive, SQL, and real-time workloads, but the challenge is now centralized security administration," said Tim Hall, Hortonworks' VP of product management, in a phone interview with InformationWeek. "XA Secure simplifies and coordinates enforcement of security policies across all the engines that are available within the Hadoop ecosystem."
The terms of the deal were not disclosed, but Hall said XA Secure's 10 employees have joined Hortonworks.
[Want more on Cloudera's Sentry project? Read Cloudera Brings Role-Based Security To Hadoop.]
There are multiple provisions and projects already in existence to ensure Hadoop security, including Kerberose authentication for access control to files in HDFS and DBA interfaces in Hive, to grant and revoke access to queries. Hortonworks has also integrated Hadoop Kerberose support with LDAP and Active Directory, but XA Secure has developed a centralized security layer that ensures a more comprehensive and holistic approach, according to Hall.
"XA Secure gives the security administrator a user interface in which to define security policies for authorization. They have also harmonized an approach for how the various components of Hadoop can plug into this policy layer for coordinated enforcement."
XA Secure policies address authentication, authorization, and auditing, and Hortonworks said it will coordinate with third-party tools to meet more specific security needs such as data encryption. The company also plans to extend XA Secure audit capabilities by integrating with Hortonwork's existing system auditing functionality.
XA Secure's security platform is a commercial product, but Hortonworks says it will donate the intellectual property to the Apache Foundation in hopes of getting it to incubator project status by the second half of 2014. In the interim, Hall says, Hortonworks will add XA Secure's software into its distribution as early as June, making it available to Hortonworks Data Platform Enterprise Plus subscribers.
Hortonworks rival Cloudera has promoted the Apache Sentry project (already in incubator status) for enhanced Hadoop security, but Hall characterized that system as "an interesting idea aimed at the wrong kind of persona.
"Today, to configure Sentry you have to fiddle with XML files, and that's not exactly something that security administrators want to figure out how to do. Today, Sentry is also primarily protecting Hive. They're trying to extend that, but they expect you to buy proprietary technology to do security."
Once XA Secure is available in open-source it will be accessible to all, but Hortonworks will support it only at the higher of its two subscription support levels, Enterprise and Enterprise Plus. Enterprise Plus covers the entire HDP distribution plus Accumulo, Storm, and soon, XA Secure.
NIST's cyber security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work? Read the Protecting Critical Infrastructure issue of InformationWeek Government today.