Big data = big exposure. What can you do about it?

 


Big data, which involves a lot more than large databases, complicates security, but there are steps agencies can take to protect their information.

Agencies are looking to “big data” to help solve some of the most pressing challenges facing government today. But big data often brings its own challenges in the form of IT and information security concerns. Too often, agencies approach big data as if it were an expansion of or significant increase in their database capability. Yet the term “big data” means much more than just a large database; it encompasses new tools, technologies, and deployment and operational methods. It is usually inextricably part of cloud computing and virtualization strategies. From an information security perspective, big data can mean “big exposure” to risk if approached solely from a traditional IT perspective.

Similar to traditional IT approaches

While an authoritative definition of big data is debatable, the following, proposed by Forrester’s Mike Gualtieri, is one that IT security professionals can easily grasp, given that their mission has traditionally been focused on how data is processed, stored and transmitted:

“Big data is the frontier of a firm’s ability to store, process, and access (SPA) all the data it needs to operate effectively, make decisions, reduce risks, and serve customers.”

Certain aspects of big data include traditional IT approaches with traditional challenges that do not require an entirely new perspective. In fact, many agencies already have the foundation laid for developing an approach to big data security. That foundation includes mature processes for cloud computing, continuous monitoring and Federal Information Security Management Act compliance. For example, as agencies optimize their continuous monitoring capabilities, they can utilize existing tools that support big data, including vulnerability management and patching services. While these capabilities are all necessary first steps to approaching big data security, a new perspective is in fact required when considering the differences between big data and the large data processing and storage of the past.

The differences

Big data consists of many new technologies, tools and practices (Hadoop, NoSQL, Pig, Hive, HBase, etc.) as well as data warehousing strategies, many of which are new to the security professional and create a complex operating environment.

The following examples represent some of the complexities that are non-traditional causes for concern from both a security perspective and an IT governance perspective:

Database structure. Although most traditional database vendors support big data, they operate on SQL-based or other relational structures. Hadoop and other next-generation databases are designed for unstructured data.

Scalability. While most structured database systems are designed to “scale up” based on the size of the host machine, next-generation technologies are often designed to “scale out,” or cluster. Instead of having a single large database server, an agency may have 500 smaller systems operating together as a cluster. Some of these systems could be virtual, some physical, and some in the cloud.

Configuration management. Traditionally, FISMA (through FIPS-200) has required agencies to develop robust configuration management plans, develop configuration and change management boards, and ensure that security impact analysis is performed as part of system changes. When working with big data, mature and robust configuration and change management is a must.

Cost. Since new nodes could be spun up in almost any cloud provider’s environment, or even on additional desktops within an agency, tight control over IT resources and spending must be in place.

Operations. Who is responsible for patching? Who is responsible for vulnerability scanning? What happens if the software has a vulnerability and there is no vendor to contact for support? Ensuring even basic maintenance of operations and allocating additional resources merit rigor in the decision-making process. With many big data platforms capable of utilizing cloud services out of the box, the security team must be aware of any changes being performed as part of the system lifecycle.

Big data still relies on the same IT infrastructure as systems did in the past but can greatly expand and complicate it. New software, such as Hadoop, lacks mature security models, assessment techniques and automated tools. This means security teams will need to rely largely on an array of operational and managerial techniques — including segmentation and robust, auditable access controls — to help ensure big data does not become “big exposure.” Security teams must look at big data from a holistic perspective of protecting the infrastructure and operating system, applying as much automation and existing policy as possible.

By applying the existing approaches under FISMA with mature change and configuration management processes, agencies can begin to securely leverage the power of big data. Security teams will need to become more integrated and involved in the lives of data scientists and business units to understand how they are operating and where they need support. While big data is new to many agencies, the principles of protecting information and bringing mature management to an operation often are not. Agencies should leverage their existing operational and managerial controls to protect new technologies while automated tools are developed to add further rigor, maturity and automation.
