David Tishgart: Senior Director of Marketing and Alliances at Gazzang
Brady Gentile: Community Manager at DataStax
TL;DR: Gazzang provides data security solutions and expertise to help customers protect sensitive data in big data environments; their primary focus is data encryption and key management for data at rest in Cassandra. They provide an encryption layer that sits between Apache Cassandra and the file system.
The problems that Gazzang typically solves are ones related to regulations; these include HIPPA or PCI or FERPA or FIPS. Interestingly, they’re starting to see more customers come to us because they either have European customers (or they themselves are located in Europe) and are concerned about data custodian issues and want to know how they can secure data in a US cloud
Sam Heywood, Senior Director or Products at Gazzang, presents “Lock It Up: Securing Sensitive Data” at Cassandra Summit 2013
Hello, Planet Cassandra. Today we have with us David Tishgart, Senior Director of Marketing and Alliances at Gazzang. David, thanks so much for joining today. To get things started, what does Gazzang do?
Thanks, Brady. Glad to be here. Gazzang provides data security solutions and expertise to help customers protect sensitive data in big data environments. Our primary focus is data encryption and key management for data at rest in Cassandra. We have a number of customers, both large and small, but primarily in the enterprise vein and what they’re looking to do is protect sensitive data that often falls under regulatory requirements; these include HIPPA or PCI or FERPA. FIPS is another requirement we get asked a lot about. Interestingly, we’re starting to see more customers come to us because they either have European customers or they themselves are located in Europe. They’re very concerned about data custodian issues and want to know how they can secure data in a US cloud and continue to maintain ownership of that data while keeping it away from potential prying eyes.
That’s really great. And how does Apache Cassandra work with the services that you provide?
What we do is we provide an encryption layer that sits between the application and the file system. In this case, the application is Apache Cassandra but it could be Apache Hadoop or Solr. Anything that you’re doing above the file system, that writes to a file system, we encrypt that data.
Then we’ve got a key manager that basically says, “OK. If you want to get the keys to the data back, you have to meet certain requirements or policies that you set when encrypting.” That makes it so that a random person or process can’t go ahead and access the sensitive data that you encrypted.
We’ve got encryption and key management that sits beneath the Cassandra application and it does the encryption and decryption transparently. That means, you don’t have to make any changes to your application, storage or data. It’s also very high performance.
We recently completed a benchmark with Cassandra and we saw very low, single-digit performance hit when running Gazzang encryption. Anybody that’s ever run an application on encrypted data will know that that’s incredibly fast and almost unnoticeable.
That’s excellent. You can find that benchmark here. It sounds like you’ve a lot of motivation for providing your services to Cassandra users. Could you shed some light on real-world or example use cases for someone using Gazzang on Cassandra?
A company that spends a lot of time and effort implementing and deploying Cassandra will ultimately hear from someone in the Compliance and Security office who says, “OK, fantastic. That’s a great application. Now what are you going to do to keep this compliant?” Or, “I don’t want to get a call late at night from somebody saying, ‘Hey, my data’s been breached. I just saw my credit card out on Pastebin. What happened? I thought I was safe with you guys.’”
That’s when we typically get called in to help. The problems we typically solve are ones related to regulated data dimensions. Protected health information, (things like x-rays, medical history, billing records) and PCI data (credit card information and other financial data like your bank statements). Companies that are storing this data and running analytics on it need to protect it. They’ve got certain requirements that say, “You’ve got to encrypt data at rest. You’ve got to manage your keys.” We’re often called to help with those and almost always at the last minute.
In order for one of some customers to win business with a new customer, they often have responsibility by that end-user to encrypt data on their behalf.
One of the cool things about Gazzang being software only is that we can get it up and running on anybody’s environment in a short time frame. Doing so allows for customers to quickly win business. It’s a pretty impressive value proposition when you can say “yeah, I have data at-rest encryption and strong key management.”
For really large-scale deployments, like you might see on Cassandra, you can deploy us rapidly using automated Chef or Puppet scripts. These are widely available and become a really easy install through dev ops tools.
Great. Is there anything from a security perspective that you would like to see coming out in future versions of Apache Cassandra?
I think the integration is really simple and straightforward right now. I think it’s really fantastic that there’s such an emphasis on security in the Cassandra community. We love that DataStax is putting more emphasis on that as well, especially in the latest release that includes application level encryption.
One of the things that I think is going to be interesting moving forward, and that we may hopefully see is Cassandra and Gazzang working together where you can store Cassandra configuration files or certificates in Gazzang’s key manager.
That would be great. Do you have any experience with the community?
We attend as many Cassandra events as we can. We’re certainly at the NY Cassandra 2013 conference, Cassandra Summit 2013 and meetups; we try to be as present in the Apache Cassandra world whenever possible. It’s certainly one of the most vibrant open source communities out there right now.
Excellent. David, thank you so much for joining me today and telling us a little bit about what Gazzang does and how it works with Apache Cassandra. Before we sign off, is there anything else that you’d like to add?
I think that one of the things that we always like to tell people is that if you’re doing any work with Cassandra, or any big data platform, think about the data that’s going in there and what could happen if placed in the wrong hands. Data that you may not think is sensitive may, in fact, ultimately be very important to your business.
If it’s not something that you’d want your competitors to see, then you should consider securing it. The very best way to secure it is through encryption and key management.
Good advice. David, thanks again for joining us today and best of luck to you and Gazzang.
Sure. Thanks, Brady.