Overview of Data Security System

Source: Internet
Author: User
Keywords data security data security system data security in the cloud
In terms of positioning, the security of big data mainly includes the following 3 aspects:
1. Data access security:
① Service authentication: to ensure the legitimacy of each role, which can effectively prevent identity disguise. Security management between services
②Authorization management: the management authority to operate. Safety management of people and services
2. Data desensitization security:
Security solutions for data content. He needs a specification to define the sensitivity level and access control of the data
3. Data audit security:
Data audit is the value system provides data access audit logs, supports data blood relationship tracking, and tracks the flow of data and the process of derivative changes

From the execution process, the security of big data includes the following 6 aspects:
1. Transaction security
2. Transmission security
3. Subscription security
4. Data warehouse security
5. Access security
6. Terminal security

 Transaction security:
This is generally DBA control

Transmission and subscription security:
Security first step: Import security:
Mainly accomplish the following goals:
1. Limited access. The database establishes a special account for data import, to ensure the read-only of this account, ip restriction
2. Login isolation. Data transmission machine access isolation.
3. Security control of the topic of the message queue, dual control of the user and ip

Access security
Access security can be divided into internal api access security and external api access security. Internal API access is relatively simple, and only need to control very sensitive data. The security level of external data access is relatively high, and special openapi and gateways need to be established. And can do:
1. Security key mechanism and management platform to ensure authentication security
2. Group authorization mechanism
3. Access control
4. Audit

 Data warehouse security
1. First, ensure the closedness of the data warehouse, and do not allow any client to directly access data and submit Hadoop tasks
2. Secondly, use kerberos to authenticate and manage incoming groups to ensure communication security between services
3. Once again, build an ldap system to manage the accounts and relationships between users and organizations
4. Best, audit log and query system for resume data access

terminal security
It mainly involves data encryption and protection of user terminals.

User perspective
Data warehouse administrator:
Permission: 5 stars
1. All data warehouse access permissions
2. Data access content is audited

Data development:
Permission: 3 stars
1. Limited access to the data warehouse
2. The access authority of the data warehouse is restricted and assigned by management personnel
3. Data access content is audited

Business development:
Permission: 2 stars
1. Limited interface access rights
2. The access authority of the interface is restricted and assigned by the manager

Product Operations:
Permission: 1 star

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.