“Big data” has generated quite a bit of excitement recently, largely because of its promised ability to solve large business and scientific problems. Organizations large and small are eager to use smart, analytical algorithms to make sense of their large data and obtain useful information about their customers, their competitors, climate change, financial markets, and a host of other topics.
What gets lost sometimes in all the buzz is the fact that big data, like the “small data” before it, needs to be kept secure—especially when the big data contains information useful to thieves, such as credit card/bank account data, healthcare information, and the like. The trouble, as Yahoo! recently found out the hard way, is that hackers with access to sensitive big data might go undetected for weeks or months, continuing to profit from their ill-gotten goods for as long as they manage to escape detection. And because big data represents a big, tantalizing target, it’s subject to more frequent and determined attacks than smaller data sets.
“Here at AndPlus the security of our clients’ data and systems is of the utmost importance. Our in-house Big Data Lab is essential to incorporating a multi-layered security strategy into every product we deliver.”
- Dave Ferullo
Data Security Lead at AndPlus
How do you protect your big-data infrastructure? There’s nothing new here: It’s the same advice that’s been preached by data-security experts for years, big data or no big data:
- Perimeter protection: Updating the operating systems and firmware of servers, firewalls, and network gear goes a long way towards protecting your infrastructure by patching security holes as they are identified and fixed. Applications and workstations must be kept in top condition as well.
- Intrusion detection: It’s vitally important to monitor your infrastructure for activity that indicates a breach. The ability to respond quickly to a breach if it happens will mean the difference between a relatively inexpensive clean-up effort and knocking tens of millions of dollars off the value of your company.
- Least privilege: The concept of “least privilege” means that all users—whether and employee, manager, contractor, customer, or IT system administrator—have only the access and permissions needed for the jobs they do. Establishing and enforcing a least-privilege computing environment helps prevent both intentional and accidental releases of sensitive data.
- Security audit: Work with a data-security firm to assess your security stance, identify vulnerabilities, and recommend corrective actions. The cost of such a service—and of fixing problems now—is much smaller than the cost of repairing your corporate image in the event of a big-data breach.
- Data Protection: Encrypt data both when storing in your database and transmitting over a network. Even if an attacker steals the data, they will not be able to read the contents. User login information, and especially passwords, should always be hashed and salted in addition to storing in an encrypted system.
- Layered Defense: Never assume your first layer of defense will stop potential attackers. Redundancies will help ensure that if an attacker manages to breach your first layer they are unable to do significant damage.
With a solid data security environment in place, you can then confidently plan and execute your big-data projects. AndPlus stands ready to help develop your big-data solutions, with expertise in determining the right approach to getting maximum value from your big data. Just make sure your security is solid first.