Getting to grips with Big Data security

Davey Winder asked the big security questions about Big Data and has found experts with the answers...

To conclude then, there are two separate challenges facing the enterprise wishing to embrace the Big Data revolution safely. As John Thielens, chief security officer at Axway, told IT Pro: "First, organisations implementing Big Data need to take security into account as a top level requirement in the project, especially as new and potentially unfamiliar technologies are brought to bear: massive data warehouses, distributed computing, open source platforms and tools, and cloud.

"But Big Data also represents a powerful new offensive and defensive security weapon, so organisations must also be prepared to participate in this arms race in a more general sense."

Both are potential pitfalls, and many security experts are simply not convinced that all organisations are yet taking a broad enough view...

Does Big Data Security = Big Cost?

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Martin Sugden, CEO of data security software firm Boldon James, acknowledges that security costs money. With training, people and systems all sucking up the budget.

"If you apply a one size fits all approach your cost will expand as your data expands," Sugden warns IT Pro readers. "You have to know what data you are dealing with. This means involving the user, getting them to take responsibility. You get an immediate increase in the number of security savvy people for limited cost when you train the users."

"If you understand the unstructured data and you can reduce what you store, this saves money. "If it truly is chaff then you don't need to spend lots of money protecting it," Sugden concludes.

The Big Data lifecycle

Jamal Elmellas, technical director of independent security consultancy Auriga Consulting, argues that the data lifecycle is key. He believes you have to understand the life cycle and then bake in security at the relevant stages.

"There isn't a one-size-fits-all approach, following good security principles is an excellent start, making sure you apply the right amount of security so as to not impede the velocity element of Big Data," Elmellas says.

Advertisement - Article continues below

"Legislation must also be a key consideration, for example the Data Protection Act (DPA) must not be underestimated or forgotten in the quest to deliver the business strategy. The data foot print can be huge and complicated, mapping this process ensures you don't get caught out, especially in regards to sanitising data sets that no longer have any use. Understand the Big Data Lifecycle and the business strategy, build security controls that don't impede the process". [

Don't build it backwards

Marcus J Ranum, chief security officer at Tenable Network Security, warns the enterprise not to repeat the mistakes of the recent past.

"I'm a little unconvinced about Big Data's claims of ROI to begin with. It seems to me that the way it's being pushed is backwards. Whenever I read about Big Data it seems to sound more like build it first, then a whole bunch of magic will happen.' In security, we went through this five years ago, when everyone was being told to buy a SEIM' and (basically) that it would figure out and solve all the organisation's security problems," he says.

"Of course, everyone discovered that in order to get the ROI out of the SEIM they needed to spend a lot of time figuring out what data was in it, managing the SEIM, and programming it. Processes like Big Data and SEIM require knowledge-working analysts and an understanding of the purpose of the data - otherwise the chance of failure is increased considerably." 

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020