“Big Data” is a buzzword among executives and workers. And with businesses large and small increasingly focused on how to mine mountains of internal data for revenue-boosting insights, it’s perhaps inevitable that questions about maintaining that data’s security would also arise.
Securing Big Data is largely a matter of securing the platforms used to store and process data, according to Gartner analyst Ramon Krikken. “Platform capabilities are important, but they don’t capture the full breadth of security concerns with—as we define it—data that is high in volume, velocity, and variety,” he wrote in a May 10 blog posting. “In an environment that is all about really putting data to use, how do you design the right controls?”
Refining the question further, he asks which technical controls make the most sense “given the specific exposure and threats to this information.” Within that context, more general security solutions with the words “Big Data” slapped on the packaging and support documents will no longer suffice. No, companies will increasingly need to understand the nature of the data they keep in-house, and how their workers utilize it in order to gain insights.
“I do believe several vendors will create very useful solutions—and some will be extensions of traditional products,” he wrote. However, “much of the ‘securing big data’ will need to be handled by understanding the data and its usage patterns—lest we repeat the ‘grant all’ stance used in many RDBMSs instances.” For those perhaps unaware of certain acronyms, ‘RDBMS’ stands for ‘relational database management system.’
In sum, that means those within an organization responsible for IT security will need to know the nature of the in-house data before they can apply the proper in-house controls.
And datasets need to be secured, if only because the data itself is often valuable. “It goes without saying that centralized, extremely large volumes of data carry a significant security impact,” Ed Moyle, a security strategist at cloud-services company Savvis, wrote in a corporate blog posting. “Can you think of a more appealing target for someone who wants to get their hands on their organization’s crown jewels?” Compounding the threat, he added, is the complexity of the tools required to help keep the system locked down.
In other words, Big Data deserves a big security plan.