trademark

Recommendations

Info

1.0 Secure Computations in Distributed Programming Frameworks (cont.) 1.9 Protect mappers 1.9.1 Why? To avoid generating incorrect aggregate outputs. 1.9.2 How? Detect the mappers returning wrong results due to malicious modifications. 1.10 Check for altered copies of data 1.10.1 Why? To avoid attacks in cloud and virtual environments. 1.10.2 How? Detect for the data nodes that are re-introducing the altered copies and check such nodes for their legitimacy. Hashing mechanism and cell timestamps of cell data will enforce integrity. CLOUD SECURITY ALLIANCE Big Data Working Group Guidance © Copyright 2016, Cloud Security Alliance. All rights reserved. 12
2.0 Security Best Practices for Non- Relational Data Stores Non-relational data stores such as NoSQL databases typically have very few robust security aspects embedded in them. Solutions to NoSQL injection attacks are not yet completely mature. With these limitations in mind, the following suggestions are the best techniques to incorporate while considering security aspects for non-relational data stores. 2.1 Protect Passwords 2.1.1 Why? To ensure privacy. 2.1.2 How? • By encryption or hashing using secure hashing algorithms. • Use cryptographic hashing algorithms functions such as SHA2 (SHA-256 or higher) and SHA3. • When hashing, use salt to counter offline, brute-force attacks. 2.2 Safeguard data by data encryption while at rest 2.2.1 Why? To reliably protect data in spite of weak authentication and authorization techniques applied. 2.2.2 How? Use strong encryption methods such as the Advanced Encryption Standard (AES), RSA, and Secure Hash Algorithm 2 (SHA-256). The storage of code and encryption keys must be separate from the data storage or repository. The encryption keys should be backed up in an offline, secured location. CLOUD SECURITY ALLIANCE Big Data Working Group Guidance © Copyright 2016, Cloud Security Alliance. All rights reserved. 13
Page 2 and 3: The permanent and official location
Page 4 and 5: Table of Contents (cont.) 3.1.1 Why
Page 6 and 7: Table of Contents (cont.) 8.7 Emplo
Page 8 and 9: Introduction The term “big data
Page 10 and 11: 1.0 Secure Computations in Distribu
Page 14 and 15: 2.0 Security Best Practices for Non
Page 16 and 17: 2.0 Security Best Practices for Non
Page 18 and 19: 3.0 Secure Data Storage and Transac
Page 20 and 21: 3.0 Secure Data Storage and Transac
Page 22 and 23: 4.0 Endpoint Input Validation/Filte
Page 24 and 25: 4.0 Enpoint Input Validation/Filter
Page 26 and 27: 4.0 Enpoint Input Validation/Filter
Page 28 and 29: 5.0 Real-Time Security/Compliance M
Page 30 and 31: 5.0 Real-Time Security/Compliance M
Page 32 and 33: 6.0 Scalable and Composable Privacy
Page 38 and 39: 7.0 Cryptographic Technologies for
Page 44 and 45: 8.0 Granular Access Control (cont.)
Page 46 and 47: 8.0 Granular Access Control (cont.)
Page 48 and 49: 9.0 Granular Audits It is a best pr
Page 50 and 51: 9.0 Granular Audits (cont.) 9.5 Saf
Page 52 and 53: 9.0 Granular Audits (cont.) 9.10 Cr
Page 54 and 55: 10.0 Data Provenance (cont.) the da
Page 56 and 57: 10.0 Data Provenance (cont.) 10.5 I
Page 58 and 59: 10.0 Data Provenance (cont.) hashed
Page 60 and 61: References [ABC+07] Giuseppe Atenie
Page 62 and 63:
References (cont.) [KL10] Seny Kama
show all

trademark

Create successful ePaper yourself

Delete template?

Save as template?