Define, dissect and defend
So, as business leaders turn to Big Data to spawn what they hope will be lucrative business ideas, while in the process improving efficiency and agility, someone has to protect these data stores, which, analysts say, provide an attractive target for hackers – and potentially a single point of failure for organizations.
“As security professionals, we need to realize we're eventually going to be asked to be the security custodians of this data,” Forrester's Kindervag says.According to a June 2011 report from IDC, titled “Extracting Value from Chaos,” the market analyst firm concluded that less than a third of all information in the “digital universe” contains at least “minimal” protection, while only half of all information that should be safeguarded actually is.
That might be a bitter pill to swallow for security professionals, who are well-versed in the sophistication and intentions of today's cyber criminals, particularly well-funded nation-state adversaries who use low-and-slow techniques, known as advanced persistent threats (APT), to target coveted intellectual property, and then slowly and stealthily siphon out the booty without anyone noticing.“If I'm a hacker of Anonymous, or part of an APT group, I'm really excited about the Big Data concept,” Kindervag says. “This is like Christmas to me. I don't have to steal something from each individual store. I can steal the presents under the tree.”
Implementing proper access controls is important to safeguarding Big Data, he says. But encryption may be the real saving grace because it renders data unreadable. “It's the only thing that's going to protect us against these nation-state attacks,” he says. “We're never going to keep ahead of those guys.”
But before deploying that sometimes difficult-to-manage technology, organizations must first define their data by discovering and classifying it. In other words, they need to decipher which are their most “toxic” assets. Then, they can dissect them.“That's the exciting stage,” he says. “My fear is they won't do stage one and they'll do stage two, and people will steal stuff and they won't know it because the data hasn't been classified, and people don't know how valuable it is.”
That's not a problem at Zions, Wood says, where the security team has become the corporation's champion of Big Data.
“We treat this environment as any environment within our organization,” he says. “Whatever security policies and controls you have, your Big Data repository needs to be looked at in the same light. Every technology has got things that need to be considered about how you secure it. It's like any new process or application.”
BIG DATA: The three Vs
Volume – Big Data comes in one size: large. Enterprises are awash with data, easily amassing terabytes and even petabytes of information.
Velocity – Oftentime, sensitive Big Data must be used as it is streaming in to the enterprise in order to maximize its value to the business.
Variety – Big Data extends beyond structured data, including unstructured data of all varieties: text, audio, video, click streams, log files and more.