Skip to main content

Securing sensitive info Xerox way

How can Hadoop help to address the challenge of securing sensitive information in a document and limit it to your private cloud? If you want to know how the amazing guys at Xerox have proposed novel architecture to this business problem, then read on.

Since many documents and applications such as electronic medical records (EMR), tax forms, surveys, claims may contain both sensitive private as well as public information, there needs to be a way to protect private and still be able to distribute public info from the same document.

In the architecture approach invented by Shanmuga-nathan Gnanasambandam, Naveen Sharma, Wendell Lewis Kibler (Xerox), firstly, a processor executes to determine document structure from interconnected documents and intelligently indicate “specific information, passages, and/or components of the document as sensitive or insensitive information”. The private information is stored as a file along with meta data on internal cloud storage while the public information is stored as a public file on the external cloud storage like Amazon.

Private and public files may be stored in a replicated fashion in a distributed file system (like HDFS) where a file may be replicated and/or split into a plurality of pieces. “Each piece or replica differs slightly from the others in that each piece or replica includes a bit pattern different from the other (i.e., each replica is not identical byte-for-byte to any other replica)”.

The team goes one step further and once the replicas are stored, the replication process of Hadoop kicks in to store one or more replicas relatively close to the point of consumption and one or more replicas one or more hops away from the point of consumption. “As a result, the farther a particular replicated file is from the point of consumption, the larger the number of replicated files to decode or crack and the longer the encryption key”.

When a user needs to access the entire document, the client program may access and decrypt private file from private cloud along with public file from public cloud, merges them to show one consolidated document view. Hadoop here is architected to compute and store documents in accordance with a multi split/replica approach enabling the unique design.


Popular posts from this blog

In-memory data model with Apache Gora

Open source in-memory data model and persistence for big data framework Apache Gora™ version 0.3, was released in May 2013. The 0.3 release offers significant improvements and changes to a number of modules including a number of bug fixes. However, what may be of significant interest to the DynamoDB community will be the addition of a gora-dynamodb datastore for mapping and persisting objects to Amazon's DynamoDB. Additionally the release includes various improvements to the gora-core and gora-cassandra modules as well as a new Web Services API implementation which enables users to extend Gora to any cloud storage platform of their choice. This 2-part post provides commentary on all of the above and a whole lot more, expanding to cover where Gora fits in within the NoSQL and Big Data space, the development challenges and features which have been baked into Gora 0.3 and finally what we have on the road map for the 0.4 development drive.
Introducing Apache Gora Although there are var…

Data deduplication tactics with HDFS and MapReduce

As the amount of data continues to grow exponentially, there has been increased focus on stored data reduction methods. Data compression, single instance store and data deduplication are among the common techniques employed for stored data reduction.
Deduplication often refers to elimination of redundant subfiles (also known as chunks, blocks, or extents). Unlike compression, data is not changed and eliminates storage capacity for identical data. Data deduplication offers significant advantage in terms of reduction in storage, network bandwidth and promises increased scalability.
From a simplistic use case perspective, we can see application in removing duplicates in Call Detail Record (CDR) for a Telecom carrier. Similarly, we may apply the technique to optimize on network traffic carrying the same data packets.
Some of the common methods for data deduplication in storage architecture include hashing, binary comparison and delta differencing. In this post, we focus on how MapReduce and…

Amazon DynamoDB datastore for Gora

What was initially suggested during causal conversation at ApacheCon2011 in November 2011 as a “neat idea”, would soon become prime ground for Gora's first taste of participation within Google's Summer of Code program. Initially, the project, titled Amazon DynamoDB datastore for Gora, merely aimed to extend the Gora framework to Amazon DynamoDB. However, it seem became obvious that the issue would include much more than that simple vision.

The Gora 0.3 Toolbox We briefly digress to discuss some other noticeable additions to Gora in 0.3, namely: Modification of the Query interface: The Query interface was amended from Query<K, T> to Query<K, T extends Persistent> to be more precise and explicit for developers. Consequently all implementors and users of the Query interface can only pass object's of Persistent type. Logging improvements for data store mappings: A key aspect of using Gora well is the establishment and accurate definitio…