Engineering and Security Blog: New Cazena Release Highlights Enterprise Security

[field_blogimage]

April 18, 2019

By: John Piekos, VP of Engineering and Brian Lachance, CISO

It's a big day for Cazena! We were just awarded a patent for Intelligent Provisioning and we're proud to announce the latest release of our core Big Data as a Service. This release of Cazena is the culmination of the past four incremental releases, all focused on security. This version delivers a new security architecture that enables end-to-end TLS encryption as well as many other security capabilities, available in all of Cazena’s managed SaaS solutions.

Each release of Cazena includes a wide range of enhancements, such as enabling new capabilities and engines in our SaaS solutions. Releases also include semi-annual upgrades to new versions of core engines (Cloudera, etc.) to the addition of new AppCloud applications, enabling you to capture more business outcomes.

While many of these features are valued, each release includes significant behind-the-scenes work that silently benefits our customers. Some of the work you don’t see includes:

  • Stronger availability enhancements, such as resource redundancy and placement.
  • Improvements to resource utilization, allowing for better CPU and disk utilization.
  • Security enhancements, tracking and applying the latest operating system patches.
  • Better monitoring and alerting, to detect and address issues before our customers even know they’ve occurred.
  • Improvements to our automated software-defined provisioning to efficiently and speedily perform system maintenance and upgrades.
  • And of course, defect fixes and miscellaneous improvements to our underlying systems.

Noteworthy in Cazena’s latest release are several industry-first capabilities:

  1.  End-to-end TLS encryption capabilities based on firewall and gateway architecture to ensure that all of Cazena’s managed SaaS solutions are encrypted from data source to tools and users
  2. Built-in Security Operations that include ongoing data and user-level logging, intrusion detection, and threat monitoring.
  3. High-Availability for Cazena services such as SQL/Impala.
  4. Over 250 security patches for the operating system and associated software packages.

Complementing our new security architecture, the recent set of Cazena updates has delivered the following user-visible features:

  • Upgrade to Cloudera CDH 5.15 – Cazena integrates and verifies the latest versions of Cloudera and automates the upgrade within our continuous integration regression suite prior to deploying it to your single-tenant production data cloud.
  • Kafka cluster support – Cazena now supports the automated integration and provisioning of Kafka clusters within Cazena allowing you to efficiently stream data from your enterprise into Cazena.

Let’s dive a bit deeper into Cazena’s security philosophy.

Cazena Security: Zero Trust

Cazena applies a Zero Trust security architecture across our environment of trusting no users, devices, application, or packets and verifying everything. This environment ensures that users accessing our environment have a legitimate business need.

To access the Cazena service all traffic must flow through our firewalls which segment each customer into security zones. Security zones allow us to isolate traffic and apply protection profiles based on our customers’ unique requirements. As an example, we can setup Data Filtering profiles to prevent sensitive, confidential, and proprietary information from leaving our network. Patterns can be defined to protect files that contain certain file properties, credit card numbers, social security numbers, or third-party data loss prevention labels.

Two core components of our Zero Trust security architecture include host-based intrusion detection and vulnerability management:

  • Host-based Intrusion Detection - Our Host-based intrusion detection system addresses all workload behavior using anomaly detection algorithms and machine learning. We can detect anomalies on SSH, parent hierarchy, user privilege change, process communication, machine communication, and data transfers both internally and externally. Our solution will only alert our team on new or anomalous behavior, reducing alert noise which allows us to save time on investigations and focus on behavior that could potentially be malicious
  • Vulnerability Management - Cazena leverages vulnerability scanners in each of our customer environments that scans each node daily to reduce vulnerability blind spots. We are able to detect new vulnerabilities within 24 hours of vulnerability disclosure and remediate using automated processes.

This is just the tip of the iceberg when it comes to security at Cazena. Our goal is to enable a secure data and analytics environment, with full visibility and auditing capabilities so you can rest easy knowing your data is safe. We’ve taken a major step to achieving this goal with our latest releases.​​​ Cazena's latest release will be rolling out to each of our customer’s managed SaaS environments in the coming weeks. 

If you have any questions about features and capabilities within Cazena or would like to try Cazena, please contact me at jpiekos@cazena.com.

Thank you and Happy Spring!

Back ›