Big data means big security
Information security must not be forgotten in the rush to manage large volumes of diverse data, notes Paul Ayers
Companies are retaining increasing amounts of unstructured data in the hope of one day turning it into actionable business intelligence.
But massive data stores may also contain significant amounts of "toxic" data – data that could be damaging to an organisation if it escapes that organisation's control.
So there is a dual security challenge: customers must understand both where their sensitive data resides and how to secure it. Business infrastructure no longer comprises a few discrete data stores, such as simple databases and file servers.
Instead, data is dispersed across multiple conjoined network types, incorporating all sorts of sensitive data – human resources records, credit card and payment information, customer details, all kinds of intellectual property, and even transactional and warehouse data – and conventional network layer controls are no longer sufficient protection.
The most notable big data platforms – Hadoop, MongoDB, Cassandra and CouchDB – contain no native security provisions.
The channel must therefore move to implement security around big data projects, not least to help customers avoid an unexpected breach of data protection laws.
So, when it is all about putting the data to better use, how do you design the right controls?
Only by placing controls on the data itself can companies be assured that sensitive data is kept secure and confidential. And I would add that the best way to achieve this is through encryption that includes access control.
There is no need to modify applications or re-architect storage infrastructure. Big data systems are typically cloud based and will often require tasks to be strictly separated, so data can only be accessed or viewed by authorised parties.
This can also remove the custodial risk associated with infrastructure providers and administrators, if they cannot view data they are not supposed to see.
Organisations under mounting pressure to become more efficient are going to invest in big data platforms. Information security, though, also needs to be considered alongside regulatory compliance. Due diligence must be extended to big data platforms.
Paul Ayers is EMEA vice president at Vormetric