Presented By O’Reilly and Cloudera
Make Data Work
21–22 May 2018: Training
22–24 May 2018: Tutorials & Conference
London, UK

Securing and governing hybrid, cloud, and on-premises big data deployments, step by step

Mark Donsky (Okera), Steffen Maerkl (Cloudera), Andre Araujo (Cloudera)
13:3017:00 Tuesday, 22 May 2018
Law, ethics, and governance, Platform security and cybersecurity
Location: Capital Suite 15 Level: Intermediate
Secondary topics:  Security and Privacy

Who is this presentation for?

  • Security and Hadoop administrators

Prerequisite knowledge

  • A general understanding of Hadoop concepts, basic security principles, and cloud concepts, such as S3, EMR, and transient clusters
  • Familiarity with the various regulations that your organization is concerned about (GDPR, HIPAA, PCI, etc.) and how you might want to organize and classify your data according to these regulations (e.g., "I need to know where credit card numbers are stored in the system")

Materials or downloads needed in advance

  • A WiFi-enabled laptop

What you'll learn

  • Learn best practices for security and governing cloud, on-premises, and hybrid deployments, including wire encryption, data-at-rest encryption, governance, and unified, secure data catalogs for self-service discovery


Many Hadoop clusters lack even the most basic security controls. This is due to several factors: some security features did not exist as recently as two years ago, and the complexity of Hadoop security has proved daunting to administrators. However, it’s incumbent on security admins to ensure a consistently secured and governed experience for end users and administrators across multiple workloads that span on-premises, private cloud, multicloud, and hybrid cloud deployments.

Mark Donsky, Steffen Maerkl, and André Araujo share best practices for meeting these challenges as they walk you through securing a Hadoop cluster. You’ll start with a cluster with no security and then add security features related to authentication, authorization, encryption of data at rest, encryption of data in transit, and complete data governance. For each security feature, Mark, Steffen, and André cover the following topics:

  • Introduction: What the security feature is, what protection it provides, and best practices and recommendations
  • Planning: How to enable the feature in a phased manner with the fewest growing pains and least risk
  • Relevance: Why it’s important (demonstrated by live attacks against a cluster without the target security feature)
  • Implementation: An overview of how the implementation is performed, where the moving parts are, and potential pitfalls
Photo of Mark Donsky

Mark Donsky


Mark Donsky is a director of product management at Okera, a software provider that provides discovery, access control, and governance at scale for today’s modern heterogenous data environments, where he leads product management. Previously, Mark led data management and governance solutions at Cloudera, and he’s held product management roles at companies such as Wily Technology, where he managed the flagship application performance management solution, and Silver Spring Networks, where he managed big data analytics solutions that reduced greenhouse gas emissions by millions of dollars annually. He holds a BS with honors in computer science from the Western University, Ontario, Canada.

Photo of Steffen Maerkl

Steffen Maerkl


Steffen Maerkl is a systems engineer at Cloudera, where he is part of the global security and data governance specialization team supporting customers across the central EMEA region, with a strong focus on the automotive, manufacturing, and telco markets. Steffen has held a number of consulting and presales positions in the fields of data warehousing, business analytics, and big data at companies such as Cirquent/NTT Data and Oracle. He holds a BSc in business informatics from the Technical University of Munich.

Photo of Andre Araujo

Andre Araujo


André Araujo is a principal solutions architect at Cloudera. An experienced consultant with a deep understanding of the Hadoop stack and its components and a methodical and keen troubleshooter who loves making things run faster, André is skilled across the entire Hadoop ecosystem and specializes in building high-performance, secure, robust, and scalable architectures to fit customers’ needs.