Simply Security - News, Views, and Opinions from Trend Micro

Posted on March 5th, 2012 in Current News, Privacy & Policy by Simply Security | Be the first to comment | Tags: Compliance & Regulations

Big data can present a number of opportunities, but it can also be a security headache.

Depending who you ask, the term “big data” either represents an opportunity for unparalleled business intelligence or another piece in an ever-growing series of data security headaches. The concept is one that has garnered significant attention recently, and 2012 appears to be the year in which big data arrives front and center.

Essentially, big data describes sets of information that are simply too large and unwieldy to manage through traditional means. This often includes data gathered from social networking sites, video and photography, Internet searches and a handful of other sources. Much of this information is unstructured and does not fit nicely using the data management solutions that most businesses have grown accustom to.

In a report released last June, Gartner research vice president Mark Beyer said big data necessitates that information managers “fundamentally rethink their approach to data by planning for all dimensions of information management.”

The task of doing so can be as difficult as it sounds, given the volume, variety and velocity of big data. However, if managed effectively, big data can help businesses make better decisions through “pattern-based” strategies, says Gartner vice president and distinguished analyst Yvonne Genovese.

“Pattern-based strategy, as an engine of change, utilizes all the dimensions in its pattern-seeking process. It then provides the basis of the modeling for new business solutions, which allows the business to adapt. The seek-model-and-adapt cycle can then be completed in various mediums, such as social computing analysis or context-aware computing engines,” Genovese said.

However, even before this is accomplished, there are a number of considerations that IT security managers must take into account.

Writing for technology news provider Dark Reading, contributing editor Ericka Chickowski noted the myriad compliance issues that big data can present. Upon hearing all the benefits offered by big data, business managers and executives may be all too enthusiastic about jumping on the opportunity as soon as possible.

Meanwhile, IT security managers must ensure that the data is adequately protected in a way that is in compliance with the regulations that loom over their industry. For healthcare organizations, this includes the Health Insurance Portability and Accountability Act (HIPAA), as well as the Health Information Technology for Economic and Clinical Health (HITECH) Act. For retailers, such rules are established by the Payment Card Industry Data Security Standard (PCI DSS).

“The question for security professionals, of course, is if this growing mass of data is becoming increasingly unstructured and accessed from an ever-distributed cloud of users and applications looking to slice and dice it in a million and one ways, how can they be sure they’re keeping tabs on the regulated information in all that mix?” Chickowski wrote.

Chickowski noted one expert as saying that the amount of data companies are now storing is leading them to neglect the “specific pieces of information,” which may be sensitive in nature.

For example, data collected through social media can provide a wealth of information regarding consumer buying habits. But such data is potentially sensitive and, given its unstructured nature, could present compliance issues if inadequately accounted for.

One advantage of big data, at the moment, is that much of it is not yet regulated, meaning IT managers still have time to figure out how to handle the information. This removes the compliance concerns, but not the issue of data security. Additionally, it is only a matter of time before government or industry bodies introduce some sort of standards mandating how such information must be managed.

“From a compliance perspective, many of the laws and regulations have not addressed the unique challenges of data warehousing. Many of the regulations don’t address the rules around protecting data from different customers at different levels,” Tom McAndrew of auditing firm Coalfire said, according to Dark Reading.

In a 2011 report, the McKinsey Global Institute asserted that big data will become “a key basis of competition and growth for individual firms,” and noted that companies will use such information to innovate and spur new growth.

“From the standpoint of competitiveness and the potential capture of value, all companies need to take big data seriously,” McKinsey stated. “In most industries, established competitors and new entrants alike will leverage data-driven strategies to innovate, compete, and capture value from deep and up-to-real-time information.”

But in order for this to happen, businesses must ensure their data security practices can account for big data. In many cases, this will require a data-centric approach, in which the information itself is protected rather than the endpoints accessing it. While this too requires IT managers to put forth some innovative new ideas, it could pay dividends when the company avoids data loss or is able to comply with regulations that may eventually emerge regarding big data.

Data Security News from SimplySecurity.com by Trend Micro