Security Considerations in Enabling Big Data – Snake in the Grass (Part 1)

Big Data holds a lot of promise – from the potential to change business models to the ability to rapidly refine services and goods that traditionally took years of industry speculation. But the utilization of Big Data isn’t just about mining data within your organization. It’s also about tying it to larger data stores and services. It’s about enhancing data at the point of transaction, through social media interactions, and through multiple other sources.  From a security perspective, I believe more connections must be allowed to flow into the organization. Field devices must feed in near real time to centralized data repositories, and analysts need access to it all.

The US government has also taken notice of Big Data’s big potential. The Obama Administration recently unveiled a Big Data Research and Development Initiative, which will see at least six government agencies making a large investment with the goal of “greatly improving the tools and techniques needed to access, organize and glean discoveries from huge volumes of digital data”. It takes experience to leverage this kind of analysis. For example, it’s the kind of activity that enables retailers like Target to determine the likelihood that any one shopper might be pregnant, simply by analyzing the purchasing trends of individuals through predictive analytics. Data has always been used to help hone in on business prospects and opportunities, but now this same phenomena is stretching beyond sales and marketing. Many other industries are looking at how they too can leverage larger and larger data sets.

Both the financial and large retail markets have experience in the data dilemma, but most have focused on their own data collected over time.  The Red Flags rule prompted earlier detection of identity fraud for financial institutions, while retailers continue to capture sensitive customer information by luring them with special offers and loyalty programs. Last years’ Epsilon email breach, which disclosed the email addresses and affiliated relationships with the marketing programs of several retailers and banking institutions, caused real concerns about targeted spear-phishing attacks that use this sensitive information. It’s not only businesses looking to profit from this analytic data, but also cybercriminals.

As more and more industries utilize their own data, they’re also expanding out, leveraging other sources to gain richer business insight. Whether the objective is to drive dynamic business decision, get in touch with customers, or predict situations to mitigate risk, there are bad guys out there that may want unauthorized access. Even though you may just be starting the process of gleaning information from big data, or as I like to think of it, ‘finding the needle in the haystack’, please consider the security and privacy issues. Businesses and organizations need to put the right security controls and monitoring in place to make Big Data successful – and not a liability.

For more information on the benefits and risks associated with Big Data, stay tuned here in the blog for Part 2 of this series, and be sure to follow us on Twitter at @IntelSec_Biz.

-Kim Singletary

Leave a Comment

three + 2 =