Security is essential for organizations that store and process sensitive data in the Punch ecosystem. Many organizations must adhere to strict corporate security polices.
Punch as a platform is used for collecting data from geographic distributed systems and large-scale processing (parsing, correlation, aggregation). Adding security to Punch is challenging because not all of the interactions follow the classic client-server pattern.
- In Elasticsearch, the data is partitioned and distributed, requiring authorization checks at the multiple points.
- A submitted channel or service is executed at a later time on nodes different than the node on which the client authenticated and submitted the channel or service.
- Secondary features such as STORM-UI accesses to topologies on behalf of users.
- Storm, Spark, Kafka cluster scales to thousands of servers and tens of thousands of concurrent tasks.
Punch provides new generation of Big Data analytics with Punch Machine Learning (PML) but can also increase the number of access points to an organization's dara. As diverse types of enterprise data are pulled together into a central repository, the inherent security risks can increase.
Punch understands the importance of the security and governance for every business. To ensure effective protection for its customers, Punch uses a holistic approach based on core security features:
This chapter provides an overview of the security features implemented in the Punch. Subsequent chapters in this guide provide more details on each of these security features.