Getting to grips with Big Data security
Davey Winder asked the big security questions about Big Data and has found experts with the answers...
"It's not just the new-found availability of that data and the fact that the tools are still very immature," Steve Totman, director of strategy and data integration at Syncsort insists, adding "but also the potential sensitivity of the information hidden inside that data that can now be discovered, that brings security challenges."
No security program can be complete without knowing where the risks are and where the potential for threats may lie.
Indeed, working with Big Data implies that you're collecting and maintaining vast quantities of often customer-oriented data, for long periods of time. In the past, enterprises might have only saved certain information such as name, credit card information, shipping address, and purchase history.
With the emergence of Big Data analytics systems, much more information is collected and analysed in order to refine targeted marketing and sales efforts.
"Often this information is collected from social media tools, including TripIt, Foursquare, Facebook and LinkedIn," according to Scott Register, senior director of product management at Ixia Network Visibility Systems. "This vast information repository gives financially-motivated hackers a larger target to exploit in order to steal identities, open false accounts, or target individuals for highly refined spear-fishing attacks." Or, as the chief security officer at Tenable Network Security, Marcus J Ranum, rather starkly puts it: "Aggregating large amounts of information into a single system will result in storage savings and administrative savings in return for having it all in a nice single place where it can all be stolen at once."
Ranum observes that more often than not security doesn't get designed into such aggregations and consequently security gets worse. With IBM estimating that 90 per cent of the world's data has been created in the last two years alone, that's a staggering rate of data creation and capture and one that quite markedly changes the data security environment completely.
"A single data set may demand different storage requirements and access from many parts of the world," Matt Torrens, Director at SproutIT explains. "For example, data accessed most frequently may need to be housed in Tier1 storage environments conversely, archived data that is barely ever required, may be placed on lower tier storage, to save on cost. Unfortunately, lower tier storage very often is bundled with lower levels of security and privacy controls."
The biggest challenge of all, perhaps, is that security all too often conflicts with a need for high performance and flexibility. "The purpose of Big Data is at odds with that of security," Raistrick states. "Big Data is all about flexibility, speed of access and volume whereas security is focused on visibility, control and protection."
That leaves us with the biggest question of them all in need of answers: how can the enterprise best mitigate against Big Data insecurity? According to Stephen Keenan, vice president of Verizon in the UK and Ireland, it comes down to the criticality of discovering and identifying all data within the enterprise, at rest or in transit.
"No security program can be complete without knowing where the risks are and where the potential for threats may lie," Keenan explains, suggesting that when considering Big Data quantities enterprises should ask themselves three basic questions: Where is the data? What is the discovered data and to whom does it belong? How is this identified data used and why is it important? Which will all sound very familiar to anyone with a smidgeon of knowledge of the IT Security business.
Indeed, it's true to say that dealing with Big Data security issues really doesn't involve anything to revolutionary, rather it's a matter of implementing principles and frameworks already deeply rooted in data governance strategy and not merely relying on products or tools. "Caution should be exercised to ensure that the performance and agility of Big Data solutions are not restricted," warns Sean Narayanan, chief delivery officer with iGATE, who recommends a balanced approach that involves the following as key guiding principles:
1) Evaluate the security capability of Big Data in relation to business analytics.
2) Define the privacy rules for Big Data implementations.
3) Implement the right product sets and measures to keep data secure by knowing exactly who has access to what data, including all suppliers and third parties.
4) Ensure that the data is indeed authenticated so that no third-party has purposefully or accidentally changed any content.