Network and Data security concerns when building and using a KAVE

The KPMG-NL Big Data team
16 March 2015
ETL
ETL
RAW
XML
CSV
WEB
Video
Audio






ETL
Ganglia_monitor
Kavelanding
Kavetoolboxgate
Hdfs_client
Yarn_client
Mapreduce2_client
Zookeeper_client









Ganglia_monitor
Namenode
Resourcemanager
Zookeeper_server
App_timeline_server
Historyserver
Kavetoolboxnode
Ganglia_monitor
Secondary_namenode
Zookeeper_server
Kavetoolboxnode
Ganglia_monitor
Gitlab_server
Jenkins_master
Ganglia_monitor
Nimbus_master
Stormsd_ui_server
Zookeeper_server
Kavetoolboxnode
Ganglia_monitor
Supervisor_slave
Kavetoolboxnode
Ganglia_monitor
Jboss_app_master
Ganglia_monitor
Mongodb_master
Ambari_server
Ganglia_server
Nagios_server
Ganglia_monitor
Ganglia_monitor
Datanode
Nodemanager
Kavetoolboxnode

1




2











and
Two clients combine and share insights securely
Webpage/
Interface
Mobile
App
One-way flow
of data
Two-way flow of insights or
limited public data, complete
client control
Client A
Trusted
Third Party
A
Trusted
Third Party
B
Personally
Identifiable
Information
PII
Sensitive
data source
Personally
Identifiable
Information
Private
Local
KAVE
Shared
Remote
KAVE
Public
Data
Source








Client B
Private
Remote
KAVE
PII
Sensitive
data source
No single attractive target for hackers






Input: Encrypted,
stripped and preprocessed
External auth matrix
LDAP or AD
LDAP
Kerberos
SSL
Matrix-based
authorization
Access:
Encrypted
and controlled
Storage:
Encrypted
Data:
Encrypted
Communication:
Encrypted
KAVE
Internal network:
'double hop'
required
Specific, firewall
controlled staged DMZs
Client source:
Controlled as
needed
Administration
hidden from
external
access
Strict firewall rules
Output:
Encrypted and
destinations tightly
controlled
© 2015 KPMG Advisory N.V., registered with the trade register in
the Netherlands under number 33263682, a member firm of the
KPMG network of independent member firms affiliated with
KPMG International Cooperative (‘KPMG International’), a Swiss
entity. All rights reserved. Printed in the Netherlands. The KPMG
name, logo and ‘cutting through complexity’ are registered
trademarks of KPMG International.
Produced by Create Graphics | Document number CRT039089