Data security best practices: A practical guide to implementing data encryption for InfoSphere BigInsights

Explore best practices to learn about implementing encryption for data at rest. The authors include information about architecture, requirements, performing encryption installation, and configuring policies.

Walid Rjaibi (, Chief Security Architect, Information Management, IBM

Walid Rjaibi author photoWalid Rjaibi is the chief security architect for IBM Information Management. He drives the security strategy for IM and has direct responsibility for the execution of that strategy for DB2 and PureData systems. This includes authentication, authorization, access control, data masking, auditing, and encryption. Prior to his current role, he was a research staff member at the IBM Zurich Research Lab in Switzerland, where he established and led a new research program focused on database security and privacy. His research results were the foundation for key security enhancements in DB2 LUW and for which he led the actual development efforts upon his return to DB2 LUW development in Toronto. His key data security achievements include leading the research and development of LBAC, RBAC, trusted contexts, separation of duties, and fine-grained access control. His work resulted in over 20 patents and several publications in the proceedings of leading scientific conferences. He is also a frequent speaker at industrial conferences such as International DB2 User Group, and IBM Information on Demand.

Nisanth Simon (, Staff Software Engineer, IBM

Nisanth SimonNisanth Simon is a staff software engineer working on IBM InfoSphere BigInsights. He played a key role in the development of Eclipse-based development environment for text analytics, which extract information from unstructured and semi-structured data. He has filled numerous patents and publications.

Monty Wright (, Senior Architect, Vormetric

Monty WrightMonty Wright, CISSP, has been implementing data delivery and security solutions for 16 years. He has published several articles on distributed database management topics, including high availability, performance, recovery, and security. He is currently a senior architect for Vormetric, a leading data security solution provider.

26 June 2013

This paper focuses on encryption for data at rest, specifically for data stored within InfoSphere BigInsights Hadoop. Data encryption, InfoSphere® Guardium® Data Encryption (GDE), and instructions for protecting data stored within InfoSphere BigInsights Hadoop are covered.

In this article

More and more customers from all sectors would like to take Hadoop to the next level by integrating big data with mission-critical systems and sensitive data. In order for this to happen, big data solutions need to integrate enterprise security solutions, such as encryption, access control, and auditing. In this regard, the InfoSphere Guardium activity monitoring and the InfoSphere Guardium data encryption solutions clearly emerge as leaders. They seamlessly allow you to integrate your InfoSphere BigInsights Hadoop data protection into your existing enterprise data security strategy and meet your regulatory compliance needs.

This article includes discussions of:

  • Data encryption requirements (runtime and key management)
  • Guardium data encryption architecture
  • Installing Guardium data encryption
  • Configuring encryption policies (new and existing data)


Article in PDF formatEncryption_1.4.pdf2914KB
Zone=Big data and analytics, Information Management
SummaryTitle=Data security best practices: A practical guide to implementing data encryption for InfoSphere BigInsights