I agree that "One of the top risks is the creation of new silos for application identity -- separating big data security from the rest and soon creating a divergence between systems." I recently read the Gartner Report "Big Data Needs a Data-Centric Security Focus" concluding "In order to avoid security chaos, Chief Information Security Officers (CISOs) need to approach big data through a data-centric approach."
Gartner also stated that "the market has so far failed to offer CISOs the data-centric audit and protection (DCAP) products they need to operate across all silos with consistency." The good news is that Big Data distributions, like Hortonworks, recently started to include the type of advanced security features that Gartner is recommending, including dynamic masking, fine-grained encryption, and data tokenization.
I think that several different data protection options are needed to support different use cases and provide the performance and scalability we expect from Big Data. I list a couple of data-centric approaches that can be useful:
- Apply data protection at database, application or file-level outside Hadoop.
- Transfer data to staging area (edge node) and apply data protection outside Hadoop.
- Apply volume-level encryption within Hadoop.
- Extend HBase, Pig, Hive, Flume and Sqoop job function using data protection API within Hadoop.
- Extend MapReduce framework with data protection API within Hadoop.
- Apply transparent HDFS folder and file encryption.
- Import de-identified data into Hadoop.
- Export de-identified data for input into BI applications.
- Export identifiable data to trusted sources.
- Export audit data for monitoring, reporting and analysis.
Read more about this topic at  
Ulf Mattsson, CTO Protegrity