Modern Data Security For Hadoop

Delegated Access Control and Encryption Management System

NuCypher Hadoop leads the advancement of big data security with an innovative re-encryption cryptosystem. It’s purpose-built for sharing sensitive data in compliance with strict governance and residency requirements. NuCypher arms security professionals with new capabilities for protecting globally-distributed corporate data lakes.

State-of-the-Art Encryption.
Uses AES256-GCM and standardized ECIES elliptic curve encryption (ANSI, IEEE, ISO, NIST curves).

Automated, policy-based encryption.
Protects sensitive data in TXT, AVRO, Sequence, RC, ORC, JSON, XML, CSV file formats.

Cryptographic enforcement of ACLs.
Integrates with Ranger/Sentry and AD/LDAP authorization groups to protect against insider risks.

Broad file systems support.
Support for HDFS, Amazon S3, and similar file systems.

Transparent Encryption.
Doesn’t impair MapReduce, Hive, HBase, Impala, and Pig processing.

Fine-grained decryption permissions.
File, block, and even column-level.

Parcels for major distros.
Packages for Apache, Cloudera, Hortonworks, and Amazon EMR.

Secure, ultra-fast key rotation.
Removes the KMS as a bottleneck for key rotation without downtime.

FIPS 140-2 Compliant.
Industry standard Key Management Interface Protocol (KMIP) support for leading Hardware Security Modules.

Public cloud in financial services faces four primary obstacles: key rotation, on-premise key management, FIPS compliance, and intrusion protection. NuCypher solves the first three, accelerating our adoption of cloud technology.

Chief Cloud Architect, Tier 1 Investment Bank

Make Your Data an Asset

Not A Liability

NuCypher Hadoop supports granular encryption and fine-grained decryption permissions. Combined with delegated access for internal employees and external partners and customers, it enables secure multi-tenant clouds and centralized data lakes. It works seamlessly across your entire environment — on-premise, hybrid, and public cloud. NuCypher Hadoop allows you to maintain on-premise key management while unlocking the elasticity of the public cloud.

Policy-Based Encryption for Total Control.
NuCypher Hadoop covers everything: it protects broadly with file or block encryption as well as granularly by field. Set access based on existing policies: who can use the data, where they can use it, and when they can use it.

Automated and Simplified Key Management That’s Blazingly Fast.
NuCypher Hadoop supports on-premise key management so that encryption keys never leave your control. It supports encryption for unlimited clusters across private, public, or hybrid clouds.

Unparalleled Performance and Scalability With Zero Impact On Analytics.
Processing doesn’t require constant communication between compute nodes and the key management service (KMS). The KMS doesn’t have to stay online during a job, removing latency bottlenecks and slow requests over the network.

Adaptable to Fit Existing Hadoop Environments.
A drop-in replacement for Transparent Data Encryption (TDE), NuCypher Hadoop is distribution agnostic. It supports Apache, Cloudera, and Hortonworks distributions, as well as Amazon’s EMR.