There's no doubt that Big Data is getting big attention from senior executives in organizations across the globe. In fact, almost every CIO I speak with is investing in Big Data technologies to enable better planning, forecasting, marketing and customer support. Of course, that's not terribly surprising given the vast amounts of data we've been amassing over the last several years. Collecting, managing and analyzing large data sets in order to extract value and gain new insights just makes good business sense.
What IS surprising to me, however, is that security is — more often than not — an afterthought in Big Data implementations. By placing huge amounts of data collected from various sources into giant repositories, organizations are creating a new and exceedingly attractive target for malicious parties who want to steal sensitive data. Big Data architectures store and analyze very large volumes of data from social networks, customer interactions, sensors, IT systems and other sources, but they typically lack the security controls that analytic engines need. In an age of increasingly sophisticated cyber attacks and APTs that can easily breach perimeter defenses, if your organization doesn't have security controls in place that are architecturally and environmentally consistent with a Big Data cluster architecture, Big Data = Big Risk to your business.
To avoid this risk by properly securing Big Data repositories, you should devise an up-front strategy on how to lock down your sensitive assets, tightly control access to them and gain good ongoing visibility into exactly who is accessing what sensitive data. This means implementing strong security controls and policies, restricting access to authorized users, and deploying reliable security technologies as close to the source as possible. The most knowledgeable CIOs I've queried on this subject take a security "best practices" approach that incorporates four key elements: Security Intelligence; fine-grained access policies; advanced file-level encryption for the sensitive structured and unstructured information in their Big Data platforms; and integrated key management. According to them, that's what it takes to get the job done right.
Big Data doesn't have to equal Big Risk, but the bad guys are getting smarter every day, so it behooves you to proactively protect what matters to your organization and your customers. Putting the right forethought into Big Data security will enable you to sleep well at night, and it just might save you millions of dollars by avoiding a major data breach.
So, how does your organization stack up? Is Big Data security a top priority or just an afterthought?
Alan Kessler is Vormetric’s CEO. Follow him on Twitter @KessAlan.