Implementation of policies in Data-Centric Security Solutions: A Case Study

Implementation of policies in Data-Centric Security Solutions: A Case Study One of the most crucial aspects that a company must take into account is the data it has to manage. So as organizations' endpoints evolve and the use of cloud solutions increases, it is important to introduce a new approach to improve the security and privacy of the data being handled. In addition to providing these capabilities, the paradigm shift to cloud solutions allows for easier data management and lower costs for organizations, which translates into gains in both economic terms and efficiency for both the provider and the user of the service. The application environments of Data-Centric Security (DCS) are varied and range from the military to healthcare to IoT device management, even being able to intersect with each other. The very fact of applying security to the data, as well as to the platform or device in use, makes the whole system more flexible and because of this the applicability varies greatly. Metadata are fundamental to practical application, whether data or users, in the former case describing the resource by making its object explicit, defining its structure and relationships with other resources, indicating who can use it, how and for how long, while in the latter case they assign roles or attributes to enable the implementation of Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC). DCS makes it easy for companies to implement the European GDPR regulation in a way that ensures that citizens have fair and correct use of their data throughout the entire lifecycle: by implementing security policies and using metadata they can ensure these capabilities. GDPR represents in the field of regulations a very modern, user-centered approach, and although it has weaknesses that can be improved, its strengths summarized by the seven basic principles it represents have been copied worldwide. Cryptography does not become second nature because it always retains the key role of ensuring confidentiality, data integrity, authentication, access control and non-repudiation, so the use of Data-Centric Security should be seen as an additional layer of security to the entire system. Nowadays there are several frameworks and tools on the market to take full advantage of the potential of this data-centric approach, and I can interface with other existing tools to have 360-degree control over data management to ensure data integration, data governance and monitoring. This thesis work outlines the practical applications of DCSs and technical information on the frameworks and platforms that adopt them, along with the various hardware components, such as logical gateways and proxies, and application models, such as Extract, Transform and Load (ETL), to effectively apply the DCS paradigm. The topic covered in this thesis comes from a 900-hour internship at PricewaterhouseCoopers Business Services S.r.l. during which Data-Centric Security was addressed using Apache Ranger, a framework for enabling, monitoring and managing comprehensive data security on the Hadoop platform. Central to the use of this tool has been the analysis, implementation and testing of security policies of access control, dynamic data masking and row-level filtering, both with automatic tools using REST APIs and with the User Interface (UI). The thesis also discusses the architecture of Apache Ranger itself with the various components with which it can interact, of which only Hive was used in the project.