Getting to grips with Big Data security

Davey Winder asked the big security questions about Big Data and has found experts with the answers...

To conclude then, there are two separate challenges facing the enterprise wishing to embrace the Big Data revolution safely. As John Thielens, chief security officer at Axway, told IT Pro: "First, organisations implementing Big Data need to take security into account as a top level requirement in the project, especially as new and potentially unfamiliar technologies are brought to bear: massive data warehouses, distributed computing, open source platforms and tools, and cloud.

"But Big Data also represents a powerful new offensive and defensive security weapon, so organisations must also be prepared to participate in this arms race in a more general sense."

Both are potential pitfalls, and many security experts are simply not convinced that all organisations are yet taking a broad enough view...

Does Big Data Security = Big Cost?

Martin Sugden, CEO of data security software firm Boldon James, acknowledges that security costs money. With training, people and systems all sucking up the budget.

"If you apply a one size fits all approach your cost will expand as your data expands," Sugden warns IT Pro readers. "You have to know what data you are dealing with. This means involving the user, getting them to take responsibility. You get an immediate increase in the number of security savvy people for limited cost when you train the users."

"If you understand the unstructured data and you can reduce what you store, this saves money. "If it truly is chaff then you don't need to spend lots of money protecting it," Sugden concludes.

The Big Data lifecycle

Jamal Elmellas, technical director of independent security consultancy Auriga Consulting, argues that the data lifecycle is key. He believes you have to understand the life cycle and then bake in security at the relevant stages.

"There isn't a one-size-fits-all approach, following good security principles is an excellent start, making sure you apply the right amount of security so as to not impede the velocity element of Big Data," Elmellas says.

"Legislation must also be a key consideration, for example the Data Protection Act (DPA) must not be underestimated or forgotten in the quest to deliver the business strategy. The data foot print can be huge and complicated, mapping this process ensures you don't get caught out, especially in regards to sanitising data sets that no longer have any use. Understand the Big Data Lifecycle and the business strategy, build security controls that don't impede the process". [

Don't build it backwards

Marcus J Ranum, chief security officer at Tenable Network Security, warns the enterprise not to repeat the mistakes of the recent past.

"I'm a little unconvinced about Big Data's claims of ROI to begin with. It seems to me that the way it's being pushed is backwards. Whenever I read about Big Data it seems to sound more like build it first, then a whole bunch of magic will happen.' In security, we went through this five years ago, when everyone was being told to buy a SEIM' and (basically) that it would figure out and solve all the organisation's security problems," he says.

"Of course, everyone discovered that in order to get the ROI out of the SEIM they needed to spend a lot of time figuring out what data was in it, managing the SEIM, and programming it. Processes like Big Data and SEIM require knowledge-working analysts and an understanding of the purpose of the data - otherwise the chance of failure is increased considerably." 

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
What is cyber warfare?

What is cyber warfare?

15 Oct 2021