Has anyone in your organization stopped to ask about big data security as all of these petabytes of information are being applied to your business intelligence and business analytics?
Don’t assume that your data stores for big data are as secure as the business data in your RDBMS or CRM systems. Those systems have a significant and established governance regimen. And, your company most likely has established who the stakeholders are and who has responsibility for protecting that data.
When it comes to big data security, all bets are off, according to Gartner Research VP Merv Adrian. These are just some of the unstructured data sources being poured into what is known collectively as big data:
- Relational databases
- Third party sources
- User generated content from social media sites such as Facebook and Twitter
- New partners
- Instrument feeds
- Sensor networks
So, who owns and secures the big data that is coming into your enterprise from such a wide variety of sources? Has your organization put someone in charge to assume the liability that comes along with big data? Are you looking at the potential risks and exposures, and ensuring that the same level of considerations are applied to big data security as to any other information in your enterprise?
This is a particular challenge because big data is still in its early stages. The source code is an open-source project and isn’t even a decade old. The basic functionality is still being shaken out. Most big data products are quite immature when it comes to security.
Big data security: top three concerns for CIOs
For now, there are three issues that CIOs and other IT leaders need to keep in mind when it comes to big data security:
- Determine all of the data being used in your big data project. Look far outside your RDBMS systems. Remember, big data stores information in its own file system, HDFS.
- Determine the level of risk involving the various data components. For example, information such as personal medical or financial data is far more important than email addresses.
- Make sure that whomever owns the most sensitive data in your organization is also the person charged with securing it.
Indeed, as network engineer Andrew Froehlich points out in a recent Enterprise Efficiency blog:
It is also important to monitor and regularly audit data requests from various groups. Ask why a particular user or group needs to be granted access to specific datasets — or access to the database at all. Databases should be treated with the utmost respect, and that includes strictly limiting access to a narrow group of users. You may end up looking like the bad guy, but at least you’ll keep your data safe. And from a career longevity standpoint, it’s better to protect your data than it is to make friends with the marketing or sales team.
About the Author
Andy Patrizio is a contributing writer for EnterpriseEfficiency.com, a UBM Tech community.