The security pitfalls of mining Big Data

(Editor’s note: In this guest essay, Laura Robinson, Chair of the Security for Business Innovation Council, outlines the security challenges in working with Big Data.)

In many ways, last year – 2012 – can be considered the year of Big Data. TIME declared “Big Data” the #2 buzzword of the year, and data scientist Nate Silver was considered by many to be the real winner of the 2012 Presidential election…forever changing how electoral campaigns are both run and won.

And, yet, despite so much early buzz, we’re truly only at the dawn of Big Data. The security industry has come to collectively recognize the power of data analytics in significantly improving threat detection and many infosec teams are evolving their current security management models to incorporate Big Data techniques.

CONTEXT:How valuable Business Intelligence can be derived from analyzing Big Data

WHITE PAPER:SBIC’s special report on security and Big Data

But, given the interest in Big Data not only for security, but also for marketing and other areas of business, it’s also crucial that infosec teams get in on the ground floor of these Big Data projects – in order to understand the unique risks involved and develop strategies to manage them.

When organizations amalgamate and processs data at unprecedented volumes and speeds, it significantly increases the complexity of access governance, data protection and regulatory compliance. Risks include over-provisioning access, inadvertently exposing personally-identifiable information and transferring data outside of a required geographical location, to name a few.

So while 2012 will be remembered as the year that Big Data entered the public lexicon, 2013 needs to be the year in which the security industry undertakes some important Big Data-related actions.

Security vendors and companies tapping into Big Data must ramp up their knowledge of Big Data technologies; monitor data access requests; make clear what can be shared and with whom; watch carefully for over-provisioning of access; and develop data-flow mapping as a core competency of the security team.

Undoubtedly Big Data will prove to be a disruptive force for the remainder of 2013 and well beyond. As enterprises accelerate implementation, the information-security team needs to ensure that it has a seat at the table as the business moves forward.

To read the SBIC’s latest trends report, Information Security Shake-Up – Disruptive Innovations to Test Security’s Mettle in 2013, click here.

Leave a Reply

Your email address will not be published. Required fields are marked *

No Comments