Getting to grips with Big Data security
Davey Winder asked the big security questions about Big Data and has found experts with the answers...
To conclude then, there are two separate challenges facing the enterprise wishing to embrace the Big Data revolution safely. As John Thielens, chief security officer at Axway, told IT Pro: "First, organisations implementing Big Data need to take security into account as a top level requirement in the project, especially as new and potentially unfamiliar technologies are brought to bear: massive data warehouses, distributed computing, open source platforms and tools, and cloud.
"But Big Data also represents a powerful new offensive and defensive security weapon, so organisations must also be prepared to participate in this arms race in a more general sense."
Both are potential pitfalls, and many security experts are simply not convinced that all organisations are yet taking a broad enough view...
Does Big Data Security = Big Cost?
Martin Sugden, CEO of data security software firm Boldon James, acknowledges that security costs money. With training, people and systems all sucking up the budget.
"If you apply a one size fits all approach your cost will expand as your data expands," Sugden warns IT Pro readers. "You have to know what data you are dealing with. This means involving the user, getting them to take responsibility. You get an immediate increase in the number of security savvy people for limited cost when you train the users."
"If you understand the unstructured data and you can reduce what you store, this saves money. "If it truly is chaff then you don't need to spend lots of money protecting it," Sugden concludes.
The Big Data lifecycle
Jamal Elmellas, technical director of independent security consultancy Auriga Consulting, argues that the data lifecycle is key. He believes you have to understand the life cycle and then bake in security at the relevant stages.
"There isn't a one-size-fits-all approach, following good security principles is an excellent start, making sure you apply the right amount of security so as to not impede the velocity element of Big Data," Elmellas says.
"Legislation must also be a key consideration, for example the Data Protection Act (DPA) must not be underestimated or forgotten in the quest to deliver the business strategy. The data foot print can be huge and complicated, mapping this process ensures you don't get caught out, especially in regards to sanitising data sets that no longer have any use. Understand the Big Data Lifecycle and the business strategy, build security controls that don't impede the process". [
Don't build it backwards
Marcus J Ranum, chief security officer at Tenable Network Security, warns the enterprise not to repeat the mistakes of the recent past.
"I'm a little unconvinced about Big Data's claims of ROI to begin with. It seems to me that the way it's being pushed is backwards. Whenever I read about Big Data it seems to sound more like build it first, then a whole bunch of magic will happen.' In security, we went through this five years ago, when everyone was being told to buy a SEIM' and (basically) that it would figure out and solve all the organisation's security problems," he says.
"Of course, everyone discovered that in order to get the ROI out of the SEIM they needed to spend a lot of time figuring out what data was in it, managing the SEIM, and programming it. Processes like Big Data and SEIM require knowledge-working analysts and an understanding of the purpose of the data - otherwise the chance of failure is increased considerably."