BDEncrypt Plus

Get Data Encryption + Integrity Protection – WATCH THE VIDEO

The Ultimate Protection for Big Data

The increased frequency and sophistication of high-profile data breaches and malicious hacking is putting organizations at continued risk of data theft and significant business disruption. Massive attack surface of big data stores like Hadoop makes them even more vulnerable to unauthorized intrusion. BDEncrypt Plus (Big Data Encryption+) from Zettaset is the most advanced and sophisticated encryption solution available for Big Data environments like Hadoop. BDEncrypt Plus does more than any other existing encryption product to protect Hadoop data stores and prevent unauthorized access to highly-sensitive data, cyphertext, and access control lists.

The only encryption solution that authenticates encrypted data to assure data integrity, and cryptographically protects access control lists (ACLs) to protect data from unauthorized tampering and theft by malicious attackers, from within or outside an organization.

BDEncrypt Plus – Solution Highlights
  • Provides ultra-secure authenticated encryption using associated data (AEAD) to protect encrypted data from unauthorized ciphertext modification
  • Prevents outside hackers or malicious insiders from surreptitiously modifying access control lists (ACLs) and accessing sensitive data
  • Utilizes Galois/Counter encryption mode (GCM) for enhanced performance and efficiency
  • Protects against stealthy and highly-damaging chosen-ciphertext attacks (CCAs)
  • Optimized for multi-node Big Data distributed computing architectures like Hadoop
Function Zettaset BDEncrypt Plus Capability
Verifiable Data Integrity and Authentication Provides authenticated encryption using associated data (AEAD).  Performs encryption and authentication concurrently.  Guarantees data is encrypted and protects the authenticity of that encrypted data.
Cryptographic Protection for ACLs Cryptographically secures access control lists (ACLs).  Prevents an attacker from modifying the ACL and using those changes to gain unauthorized access to data.
High Performance Encryption Mode Uses GCM (Galois/counter mode). GCM combines well-known CTR (counter) mode of encryption with the new Galois mode of authentication.  Adopted for efficiency and performance in large database environments like Hadoop.
HDFS Xattrs Support Works with any HDFS file class including Xattrs (extended attributes) distros such as HDP, PHD, CDH, etc.
Hadoop Distribution Support Compatible with any Hadoop distribution.
High-Granularity Encryption High granularity.  Enables admin to specify a unique key per zone, per directory, and per file.  Minimizes the risk of data theft when a single user is compromised.
Multiple File System Support Designed to support multiple files systems, including HDFS, GPFS, Isilon OneFS.  Others file systems are being continually added.
Cluster / Distributed Computing-Aware Cluster and distributed computing-aware. Optimized for HDFS. Uses distributed policy servers.
Automatic Key Zone Management Automatically creates and manages zone keys in accordance with Active Directory.
KMIP Standard Compliance (Key Managers) KMIP-compliant (Key Management Interoperability Protocol).  Integrates with KMIP standards-based key managers from leading systems vendors including HP, Thales, IBM, Utimaco, and others.  Fits into existing encryption frameworks.
PKCS#11 Standard Compliance (HSMs) PKCS#11 compliant (Public Key Cryptography Standard).  Integrates with PKCS standards-based HSMs (hardware security modules) from leading vendors.  Encryption keys securely stored outside of server; data is not compromised if storage media is hacked or stolen.
Fast and Easy Deployment Can be installed and managed with Apache Ambari or commonly-available CLI tools (Ansible, Puppet, Chef).
Additional hardware or software requirements No additional software or hardware required. Completely self-contained software solution.

Customers can choose from two Zettaset Big Data Encryption products: BDEncrypt, and BDEncrypt Plus. While specific feature sets of each product vary, both provide a high-performance, commercial-grade, standards-based, encryption solution that is optimized for protection, performance, and scalability in big data environments like Hadoop.

BDEncrypt is a high-performance, partition-level encryption solution that is ideal for bulk encryption of stored data. Easily deployed via Ambari or CLI, it utilizes Advanced Encryption Standard (AES) 256-bit encryption, the highest level attainable. AES has been adopted by the U.S. government and is now used worldwide. BDEncrypt can be applied to both data-at-rest, and data-in-motion.

BDEncrypt Plus includes all of the capabilities of BDEncrypt, but is designed to perform selective and granular data encryption down to the file-level. Encrypting and decrypting data at the file-level opens up the possibilities of unauthorized access, and calls for additional levels of data protection. BDEncrypt Plus provides additional data protection in two unique ways: (1) Authenticated encryption using associated data (AEAD) with Galois/counter mode (GCM), and (2) Cryptographic protection for access control lists (ACLs) to prevent unauthorized access to encrypted data. BDEncrypt Plus also supports HDFS Xattrs (extended attributes) to enhance data-at-rest encryption.

Zettaset Big Data Encryption Products – Side-by-side Comparison
Capability
Zettaset BDEncrypt Plus
Zettaset BDEncrypt
Verifiable Data Integrity and Authentication with AEAD and GCM
X
Cryptographic Protection for ACLs
X
HDFS Xattrs Support
X
Selective File-level Encryption
X
Bulk Partition-level
Encryption
X
X
Compatible with Any Hadoop Distribution
X
X
Multiple File System Support
X
X
Advanced Encryption (AES) Standard 256-bit
X
X
AES-NI Accelerated Performance Support
X
X
Data-at-Rest Encryption
X
X
Data-in-Motion Encryption
X
X
Compatible with KMIP Standard Key Managers
X
X
Compatible with PKCS #11 Standard HSMs
X
X
Encrypts Existing Data
X
X
Manageable via
Ambari or CLI
X
X

Learn more about partner-certified encryption solutions using Zettaset BDEncrypt and BDEcrypt Plus

BDEncrypt Plus Solution BriefBDEncrypt Plus Solution Brief
Zettaset Encryption SuiteZettaset Encryption Suite

Try Our Software

Register and Download Zettaset BDEncrypt Plus on the HDP Sandbox


Our
Resources
Corporate
FactSheet
Our Resources