Do You Have a Big Data Security Strategy Against Security Threats?
When it comes to enterprise security, defending against ever-changing IT threats is like playing whack-a-mole. Perpetrators are always looking for a way in, while the white hats have to constantly knock them back down. This also includes having to enforce security requirements on employees who want to find the most the convenient way to access critical data.
Collecting vast amounts of data from disparate sources exposes the enterprise to new threats and creates massive new stores of (big) data that you must protect. This includes the necessity to stay compliant with regulations such as the Payment Card Industry Data Security Standard (PCI DSS), Sarbanes Oxley, HIPAA HITECH, and many state and federal data privacy laws.
To stay ahead of possible security breaches, CIOs and IT directors must be proactive and look at big data as not necessarily the problem, but part of the solution. In other words, if you apply the right big data analytics, you can use that data to uncover and anticipate security threats before they happen.
Here’s a quick synopsis of 10 steps to building a better big data security strategy:
- Policy First: Before you start creating a policy, understand what the data is, which of it you plan to retain, and how much of the data is transitory and not meant for long-term archival.
- Prepare for the Worst: Casual hackers have given way to organized crime syndicates that scour the Internet for vulnerabilities, commission, new tools, and zero-day exploits. They operate as businesses with the sole purpose of separating companies – like yours – from their valuable information.
- What Happens in the Cloud…: If there is an opportunity to store big data external feeds in the cloud they originate from, there is an opportunity to leverage the SLAs and security features guaranteed by a cloud computing provider. Take advantage of that and let what happens in the cloud stay in the cloud. That's what your internet bandwidth is for.
- Ensure There Is a 21st Century Security Plan in Place: For most enterprises, the plans in place were designed in a pre-cloud world of in-house, on-premise databases. With most data security plans designed in a prior millennium, it's time for a new data security plan that takes into account today's BYOD, mobility, and cloud risk factors.
- Security, Meet Operations: In all too many organizations, the security and IT ops teams have worked completely independent of each other, and many still do. Without a solid link between the IT operations and security teams, there will be instances where both teams work independently on the same problem. This can double the amount of time it takes to understand the root cause, craft a countermeasure or trouble ticket that addresses the underlying problem, and restore access to applications and data.
- Find a Threat? Collect the Data: The more information you have, the better your chances are for preventing a security problem from hurting your business.
- Work Big Data Security Analytics (BDSA): With tools designed for event data, today’s BDSA tools not only strive to notify users of a security issue in real time, but they also provide a methodology of looking back into the past to uncover security issues that may have arisen without being detected at the time.
- Data Science Is an Art: The Data Scientist is a recently emerged role responsible for creating the advanced analytics programs that define a big data program and extract actionable information.
- Siloed Data Is the Enemy: In today's information economy, the most efficient enterprises are those where data is freely shared between departments and groups. This combines log information from multiple sources with groups in order to correlate events pointing to real-time alerts for at-risk data and enabling data analytics.
- Normalize and Analyze: Every device and program has analytics, but they all capture different fields with different meanings. Normalizing log data enables non-data-scientist analysts to not only gather meaning from log data, but also develop actionable information plans with complete vendor independence.