trademark

Recommendations

Info

2.0 Security Best Practices for Non-Relational Data Stores (cont.) 2.8 Control communication across cluster 2.8.1 Why? To ensure a secure channel. 2.8.2 How? Ensure each node validates the trust level of other participating nodes before establishing a trusted communication channel. 2.9 Ensure data replication consistency 2.9.1 Why? To handle node failures correctly. 2.9.2 How? Use intelligent hashing algorithms and ensure that the replicated data is consistent across the nodes, even during node failure. 2.10 Utilize middleware layer for security to encapsulate underlying NoSQL stratum 2.10.1 Why? To have a virtual secure layer. 2.10.2 How? By inducing object-level security at the collection, or column-level through the middleware, retaining its thin database layer. CLOUD SECURITY ALLIANCE Big Data Working Group Guidance © Copyright 2016, Cloud Security Alliance. All rights reserved. 16
3.0 Secure Data Storage and Transactions Logs Security is needed in big data storage management because solutions, such as auto tiering, do not record the storage place of data. The following practices should be implemented to avoid security threats. 3.1 Implement exchange of signed message digests 3.1.1 Why? To address potential disputes. 3.1.2 How? • Use common message digests (SHA-2 or stronger) to provide digital identifier for each digital file or document, which is then digitally signed by the sender for non-repudiation. • Use the same message digest for identical documents. • Use distinct message digests even if the document is partially altered. 3.2 Ensure periodic audit of chain hash or persistent authenticated dictionary (PAD) 3.2.1 Why? To solve user freshness and update serializability issues. 3.2.2 How? Use techniques such as red-black tree and skip lists data structures to implement PAD [AGT01]. CLOUD SECURITY ALLIANCE Big Data Working Group Guidance © Copyright 2016, Cloud Security Alliance. All rights reserved. 17
Page 2 and 3: The permanent and official location
Page 4 and 5: Table of Contents (cont.) 3.1.1 Why
Page 6 and 7: Table of Contents (cont.) 8.7 Emplo
Page 8 and 9: Introduction The term “big data
Page 10 and 11: 1.0 Secure Computations in Distribu
Page 12 and 13: 1.0 Secure Computations in Distribu
Page 14 and 15: 2.0 Security Best Practices for Non
Page 18 and 19: 3.0 Secure Data Storage and Transac
Page 20 and 21: 3.0 Secure Data Storage and Transac
Page 22 and 23: 4.0 Endpoint Input Validation/Filte
Page 24 and 25: 4.0 Enpoint Input Validation/Filter
Page 26 and 27: 4.0 Enpoint Input Validation/Filter
Page 28 and 29: 5.0 Real-Time Security/Compliance M
Page 30 and 31: 5.0 Real-Time Security/Compliance M
Page 32 and 33: 6.0 Scalable and Composable Privacy
Page 38 and 39: 7.0 Cryptographic Technologies for
Page 44 and 45: 8.0 Granular Access Control (cont.)
Page 46 and 47: 8.0 Granular Access Control (cont.)
Page 48 and 49: 9.0 Granular Audits It is a best pr
Page 50 and 51: 9.0 Granular Audits (cont.) 9.5 Saf
Page 52 and 53: 9.0 Granular Audits (cont.) 9.10 Cr
Page 54 and 55: 10.0 Data Provenance (cont.) the da
Page 56 and 57: 10.0 Data Provenance (cont.) 10.5 I
Page 58 and 59: 10.0 Data Provenance (cont.) hashed
Page 60 and 61: References [ABC+07] Giuseppe Atenie
Page 62 and 63: References (cont.) [KL10] Seny Kama

trademark

Create successful ePaper yourself

Delete template?

Save as template?