The group will research six themes—“Big Data”-scale crypto, cloud infrastructure, data analysis for security, framework and taxonomy, policy and governance, and privacy—from a security perspective, with an eye toward developing best practices and standards for locking down information.
“Everyday 2.5 quintillion bytes of data are being created resulting in a myriad number of data security and cloud-computing security concerns,” Sreeranga Rajan, Director of Software Systems Innovation at Fujitsu Laboratories of America, wrote in an Aug. 29 statement. “By collaborating as a global community of thought leaders and researchers, we are not only looking to help the industry overcome these challenges but also to leverage new opportunities for the monitoring and detection of security threats enabled by big data.”
The working group’s report will apparently arrive this fall, and focus on identifying “the new and fundamentally different technical and organizational problems when addressing big data security and privacy.” In preparation for that report (as well as subsequent ones), the group will build an experimental platform of test data sets for specific industries such as health care.
Future reports will focus on the aforementioned standards for Big Data security and privacy, test beds for strengthening security and privacy, and similar topics.
Various companies offer tools for database and information security. One example is Sqrrl, a startup founded by NSA veterans, which offers authorization-based access controls, product security measures such as auditing and encryption, and cell-level (as opposed to row- or column-level) data security. However, given the increasing popularity of data analytics, a set of common standards and best practices probably couldn’t hurt.
Even as companies take an increased interest in securitizing their Big Data infrastructure, those same data-analytics platforms can be used to lock down whole organizations against external threats.
A recent study by the Information Security Forum (ISF) found that “only half” of the organizations it surveyed were using an analytics package with the purpose of analyzing data and network traffic for evidence of fraud and other crimes. “Few organizations currently recognize the benefits for information security, yet many are already using data analytics to support their core business,” Michael de Crespigny, CEO of ISF, wrote in a statement accompanying the report’s release.
Image: Ljupco Smokovski/Shutterstock.com