Big-Data Can Lead to Big Security Risks

Andrew Froehlich, Network Engineer & IT Consultant | 1/23/2013 | 15 comments

Andrew Froehlich
Big-data will gain momentum in 2013 thanks to the maturing of advanced databases and semantic technologies. While the business side is dreaming of the riches big-data promises in the form of new products and business insights, your IT department gets stuck with a monumental task: security.

As fields and records continue to grow within databases such as Hadoop (a frequent topic here), things can get overwhelming. At some point, database managers can lose focus and allow human error to kick in. Access to sensitive datasets can easily be granted to the wrong groups of users. That can lead to a downward spiral where confidential data begins leaking out of your massive database without your ever learning about it.

This is especially troubling for companies that are looking to build big-data stacks for highly sensitive subject matter, such as financial information or health records. Smaller databases are easier to manage and have fewer groups of users looking to tap that information. But with big-data, everything is stored under one roof, and there are lots of users who are clamoring to get their hands on all that malleable (and valuable) information.

If they're going to have all this data, it is important for CIOs to concentrate on the basics first, including security. They need to make sure their database administrators are careful to organize the data in a clear and meaningful way. They must always have a sharp eye on the most sensitive pieces of information. They need to know where this data resides at all times and who should have access. Data classification and data flow mappings are crucial, especially from a compliance perspective. It's best that both your database administrators and your security administrators fully understand how these function within the database.

It is also important to monitor and regularly audit data requests from various groups. Ask why a particular user or group needs to be granted access to specific datasets -- or access to the database at all. Databases should be treated with the utmost respect, and that includes strictly limiting access to a narrow group of users. You may end up looking like the bad guy, but at least you'll keep your data safe. And from a career longevity standpoint, it's better to protect your data than it is to make friends with the marketing or sales team.

Before you take your ambitious big-data goals and run with them, take the time to plan out your organization's strategy. Make sure all administrators understand the ground rules and have detailed policies to handle day-to-day operations, as well as security incidents. Believe me -- they will occur. When you're dealing with the amounts of data these databases can collect and manipulate, even the most organized database administrators are likely to make mistakes from time to time.

View Comments: Newest First | Oldest First | Threaded View
Page 1 / 2   >   >>
nasimson   Big-Data Can Lead to Big Security Risks   2/28/2013 2:22:29 PM
Re: Changing security needs
@MDMConsultant: Even if these prevention techniques are highlighted to the customers or communicated in any way, customers can learn themselves.
MDMConsult   Big-Data Can Lead to Big Security Risks   1/27/2013 1:37:08 PM
Re: Changing security needs
Educating end users on best practices is crucial. Now is an important time to do so. Performing risk assessments is a good way to mitigate. Understanding where a lot of the risk and vulnerabilities are can add to prevention and identify problems. Good risk management practices can prevent emerging security risks and threats.

 
nasimson   Big-Data Can Lead to Big Security Risks   1/27/2013 1:35:17 PM
Re: Big-Data Can Lead to Big Security Risks
@Curtis: Well, if its the doing of insiders, I believe there is no power in this world that can "stop" them. Yes, they might get caught in the end, however, blocking an intrusion of data from the inside will be as tough as trying to stop a suicide attack.
nasimson   Big-Data Can Lead to Big Security Risks   1/27/2013 1:30:37 PM
Re: Changing security needs
@kstaron: Maybe this will help a bit.

http://www.computerworld.com/s/article/9002188/Top_10_ways_to_secure_your_stored_data

 

It surely did work for me. 
nasimson   Big-Data Can Lead to Big Security Risks   1/27/2013 1:29:31 PM
Re: Changing security needs
@MDMConsultant: Keeping in view the growing threat of data breaches, yes it's high time, we, the end-users should be well equipped with almost all the techniques to protect our sensitive data.
MDMConsult   Big-Data Can Lead to Big Security Risks   1/27/2013 11:11:24 AM
Re: Changing security needs
Yes, data security and breaches are a known fact. Amongst all types of organizations to date. The majority of these attacks can be prevented by implementing basic security measures. There has to be faster adoption to learning how to deal with these issues and more aggressively.
kstaron   Big-Data Can Lead to Big Security Risks   1/25/2013 9:10:58 AM
Changing security needs
It freaks me out a little that as a tiny part of that big data my finacial data and health data is floating around as companies try to come to grips with who get access to it. For any companies starting to handle big data, how are you changing your security to compensate?
CurtisFranklin   Big-Data Can Lead to Big Security Risks   1/24/2013 11:35:13 PM
Re: Big-Data Can Lead to Big Security Risks
@Andrew, you're absolutely right: If companies really wrapped their collective heads around the fact that some of the biggest dangers to their data come from insiders it would make for much different policies in much of the industry.
Susan Nunziata   Big-Data Can Lead to Big Security Risks   1/24/2013 7:03:57 PM
Solid advice
Thanks Andrew, this is really valuable guidance. What has been the most egregious fallout you've seen in companies that have failed to implement these measures? Any specific examples?
Andrew Froehlich   Big-Data Can Lead to Big Security Risks   1/24/2013 12:44:37 PM
Re: Big-Data Can Lead to Big Security Risks
You're right Curt - There's just no interest in it from job or responsibility change perspective. I think much of the reason has to do with people thinking "well, they're still part of the company, so the risk is low". But as we all know, this type of thinking can lead to all kinds of problems down the road.
User Ranking: Blogger
Page 1 / 2   >   >>


The blogs and comments posted on EnterpriseEfficiency.com do not reflect the views of TechWeb, EnterpriseEfficiency.com, or its sponsors. EnterpriseEfficiency.com, TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.

More Blogs from Andrew Froehlich
Andrew Froehlich   5/6/2014   13 comments
Not all clouds are equal. That's a pretty obvious statement that we can all agree on. Cloud service providers offer differing levels of services, redundancy, and customer service -- all at ...
Andrew Froehlich   4/30/2014   10 comments
In order for enterprise employees to work together as one unified group, they must follow carefully written policies and procedures -- but every once in a while, you may find yourself in ...
Andrew Froehlich   4/22/2014   49 comments
For those of us who study enterprise IT security, last year's Target store hack turned out to be a fantastic case study that was loaded with lessons to learn.
Andrew Froehlich   4/16/2014   22 comments
With news that Google slashed the price of their big-data offering "Big Query" by up to 85 percent, one has to wonder if the move is to ward off competitors -- or simply that the ...
Andrew Froehlich   3/18/2014   27 comments
At a recent South By Southwest Interactive conference in Austin, Edward Snowden said the NSA is "setting fire to the future of the Internet." In light of this, the World Wide Web ...
Latest Archived Broadcast
In this episode, you'll learn how to stretch the limits of your private cloud -- and how to recognize the limits that can't be exceeded.
On-demand Video with Chat
IT has to deploy Server 2012 in a way that fits the architecture of its application delivery system.
E2 IT Migration Zones
IT Migration Zone - UK
Why PowerShell Is Important
Reduce the Windows 8 Footprint for VDI
Rethinking Storage Management
IT Migration Zone - FR
SQL Server : 240 To de mémoire flash pour votre data warehouse
Quand Office vient booster les revenus Cloud et Android de Microsoft
Windows Phone : Nokia veut davantage d'applications (et les utilisateurs aussi)
IT Migration Zone - DE
Cloud Computing: Warum Unternehmen trotz NSA auf die „private“ Wolke setzen sollten
Cloud Computing bleibt Wachstumsmarkt – Windows Azure ist Vorreiter
Like Us on Facebook
Twitter Feed
Enterprise Efficiency Twitter Feed
Site Moderators Wanted
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail:
moderators@enterpriseefficiency.com
Informed CIO: Dollars & Sense: Virtual Desktop Infrastructure
Cut through the VDI hype and get the full picture -- including ROI and the impact on your Data Center -- to make an informed decision about your virtual desktop infrastructure deployments.

Read the full report
Virtualization Management: Time To Get Serious
Welcome to the backside of the virtualization wave. Discover the state of virtualization management and where analysts are predicting it is heading

Read the full report
PUBLIC SECTOR RESOURCES
WHITE PAPERS
A Video Case Study – Translational Genomics Research Institute
e2 Storage Video


On the Case
TGen IT: Where We're Going Next

7|11|12   |   08:12   |   10 comments


Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
On the Case
Better Care Through Better Communications

6|6|12   |   02:24   |   11 comments


The achievements of the TGen/Dell project could improve how all people receive healthcare, because they are creating ways to improve end-to-end communication of medical data.
On the Case
TGen IT: Where We Are Now

5|15|12   |   06:58   |   6 comments


TGen is breaking new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions.
On the Case
TGen IT: Where We Were

4|27|12   |   06:45   |   10 comments


The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
On the Case
1,200% Faster

4|18|12   |   02:27   |   12 comments


Through their partnership, Dell and TGen have increased the speed of TGen’s medical research by 1,200 percent.
On the Case
IT May Improve Children's Chances of Survival

4|17|12   |   02:12   |   8 comments


IT is helping medical researchers reach breakthroughs in a way and pace never seen before.
On the Case
Medical Advances in the Cloud

4|10|12   |   1:25   |   5 comments


TGen and Dell are pushing the boundaries of computing, and harnessing the power of the cloud to improve healthcare.
On the Case
TGen: Living the Mission

4|9|12   |   2:25   |   3 comments


TGen's CIO puts the organizational mission at the heart of everything the IT staff does.
On the Case
TGen Speeding Up Biomedical Research to Save More Lives

4|5|12   |   1:59   |   6 comments


The Translational Genomics Research Institute is revamping its computing to improve speed, storage, and collaboration – and, most importantly, to save lives.
On the Case
Computing Power Helping to Save Children's Lives

3|28|12   |   2:13   |   3 comments


The Translational Genomics Institute’s partnership with Dell is enabling them to treat kids with neuroblastoma more quickly and save more lives.
Tom Nolle
How Deep Is My Storage Hierarchy?

7|3|12   |   2:13   |   5 comments


At the GigaOM Structure conference, a startup announced a cloud and virtualization storage optimizing approach that shows there's still a lot of thinking to be done on the way storage joins the virtual world.
E2 Interview
What Other Industries Can Learn From Financial Services

6|13|12   |   02:08   |   3 comments


We asked CIO Steve Rubinow what CIOs in other industries can learn from the financial services industry about datacenter efficiency, security, and green computing.
E2 Interview
Removing Big-Data Flow Bottlenecks

6|12|12   |   02:55   |   No comments


We ask CIO Steve Rubinow what pieces of financial services infrastructure need to perform better to get traders info faster.
E2 Interview
Getting Traders the Data They Need

6|11|12   |   02:04   |   1 comment


We ask CIO Steve Rubinow: What do stock market traders need to know, how fast do they need it, and how can CIOs get it to them?
E2 Interview
Can IT Help Fix the Global Economy?

6|8|12   |   02:32   |   2 comments


We ask CIO Steve Rubinow whether today's IT can help repair the global economy (and if IT played any role in the economy's collapse).
E2 Interview
More Competitive Business via Datacenter Strategy

5|4|12   |   2:46   |   1 comment


Businesses need to be competitive, yet efficient, and both goals affect datacenter design.
E2 Interview
The Recipe for Greater Efficiency

5|3|12   |   3:14   |   2 comments


Intel supplies the best ingredients to drive greater datacenter efficiency and support new compute, storage, and networking needs.
E2 Interview
Datacenters Enabling Business Transformation

5|1|12   |   06:37   |   1 comment


Dell’s Gaurav Chand says that for the first time ever datacenter technology is truly enabling all kinds of organizations to transform their business and achieve new objectives.
Tom Nolle
Cloud Data: Big AND Persistent!

3|28|12   |   2:11   |   10 comments


We always hear about "Big" data, but a real issue in cloud storage is not just bigness but also persistence. A large data model is less complicated than a big application repository that somehow needs to be accessed. The Hadoop send-program-to-data model may be the answer.
Tom Nolle
Project Lightning Streamlines Storage

2|16|12   |   2:09   |   2 comments


EMC's Project Lightning has matured into a product set, and it's important, less because it has new features or capabilities in storage technology and management, than because it may package the state of the art in a way more businesses can deploy.
Tom Nolle
Big Data Appliance Is Big News

1|12|12   |   2:18   |   No comments


Oracle's release of a Hadoop appliance for Big Data may be a signal that we're shifting to database appliances.
Tom Nolle
Myopia Can Hurt Storage Policy

12|22|11   |   2:08   |   No comments


We're at the beginning of a cloud-driven revolution in storage, but Oracle's quarter shows that enterprises are hunkering down on old concepts because they're afraid of the costs in the near term.
Sara Peters
An Untrained User & a Mobile Medical Device

12|19|11   |   2:43   |   11 comments


Untrained end users, clueless central IT staff, and expensive mobile devices are a worrisome combination for healthcare CIOs.
Tom Nolle
Too Many Labels on 'Big Data'?

12|9|11   |   2:12   |   3 comments


However you label it, structured and unstructured information are different and will likely always require different tools.
Sara Peters
E2 Debuts New Storage Section

12|8|11   |   1:51   |   1 comment


Need strategic guidance on everything from SSDs to 100 percent virtualized datacenters? Look no further.