Keywordsdata security data security system data security in the cloud
In terms of positioning, the security of big data mainly includes the following 3 aspects:
1. Data access security:
① Service authentication: to ensure the legitimacy of each role, which can effectively prevent identity disguise. Security management between services
②Authorization management: the management authority to operate. Safety management of people and services
2. Data desensitization security:
Security solutions for data content. He needs a specification to define the sensitivity level and access control of the data
3. Data audit security:
Data audit is the value system provides data access audit logs, supports data blood relationship tracking, and tracks the flow of data and the process of derivative changes
From the execution process, the security of big data includes the following 6 aspects:
1. Transaction security
2. Transmission security
3. Subscription security
4. Data warehouse security
5. Access security
6. Terminal security
Transaction security:
This is generally DBA control
Transmission and subscription security:
Security first step: Import security:
Mainly accomplish the following goals:
1. Limited access. The database establishes a special account for data import, to ensure the read-only of this account, ip restriction
2. Login isolation. Data transmission machine access isolation.
3. Security control of the topic of the message queue, dual control of the user and ip
Access security
Access security can be divided into internal api access security and external api access security. Internal API access is relatively simple, and only need to control very sensitive data. The security level of external data access is relatively high, and special openapi and gateways need to be established. And can do:
1. Security key mechanism and management platform to ensure authentication security
2. Group authorization mechanism
3. Access control
4. Audit
Data warehouse security
1. First, ensure the closedness of the data warehouse, and do not allow any client to directly access data and submit Hadoop tasks
2. Secondly, use kerberos to authenticate and manage incoming groups to ensure communication security between services
3. Once again, build an ldap system to manage the accounts and relationships between users and organizations
4. Best, audit log and query system for resume data access
terminal security
It mainly involves data encryption and protection of user terminals.
User perspective
Data warehouse administrator:
Permission: 5 stars
1. All data warehouse access permissions
2. Data access content is audited
Data development:
Permission: 3 stars
1. Limited access to the data warehouse
2. The access authority of the data warehouse is restricted and assigned by management personnel
3. Data access content is audited
Business development:
Permission: 2 stars
1. Limited interface access rights
2. The access authority of the interface is restricted and assigned by the manager
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
