Cloudera continues to add to its portfolio of offerings to secure the Apache Hadoop enterprise data management platform. Its latest release is a new security layer called RecordService that centrally enforces role-based access control policies across Hadoop and acts as a complementary technology to existing policy control, the company said.

RecordService works alongside Apache Sentry, which already provides unified policy definition for Hadoop. Sentry is currently in incubation with the Apache Foundation. RecordService is key to Cloudera’s plan to expand Hadoop for the enterprise, the company said.

While Sentry addresses policy definition by applying consistent policies across different access paths to data stores, its function is limited as the Hadoop ecosystem has expanded to include different access engines such as Apache Spark, Impala and Apache Solr, according to Cloudera. Using Sentry alone has made it challenging to enforce its policies without limiting access to the data itself, the company said.

One example of this can be found in the differences in control levels that different engines support. While Impala supports granular row- and column-level controls, Spark and MapReduce only support file- or table-level controls, according to Cloudera. In modern architectures that use multiple access engines, these diversities in functionality result in complicated workarounds or a reliance on security that either allows users access to the entire data set or no access at all, the company said.

RecordService solves this problem by providing a new layer that provides a single point of policy enforcement for simplifying security with unified row- and column-level controls for all access paths, including Spark and MapReduce, according to Cloudera. This allows enterprises to gain secure insights from data stored and managed in Hadoop without developing ad-hoc workarounds that can lead to errors and vulnerabilities, said Eddie Garcia, chief security architect, Cloudera, in a press release.

"There have been rapid improvements made to Hadoop security, addressing the growing need to store and analyze sensitive data in the platform,” he said. “However, for Hadoop to continue to evolve and support the next generation of analytics for more users and access paths, security needs to become universal across the platform. With RecordService, the Hadoop community fulfills the vision of unified fine-grained access controls across every Hadoop access path.”

RecordService is currently in public beta and is available under the Apache open source license. Eventually the software will be transitioned to the Apache Software Foundation, Cloudera said.