Getting to grips with Big Data security

To conclude then, there are two separate challenges facing the enterprise wishing to embrace the Big Data revolution safely. As John Thielens, chief security officer at Axway, told IT Pro: "First, organisations implementing Big Data need to take security into account as a top level requirement in the project, especially as new and potentially unfamiliar technologies are brought to bear: massive data warehouses, distributed computing, open source platforms and tools, and cloud.

"But Big Data also represents a powerful new offensive and defensive security weapon, so organisations must also be prepared to participate in this arms race in a more general sense."

Both are potential pitfalls, and many security experts are simply not convinced that all organisations are yet taking a broad enough view...

Does Big Data Security = Big Cost?

Martin Sugden, CEO of data security software firm Boldon James, acknowledges that security costs money. With training, people and systems all sucking up the budget.

"If you apply a one size fits all approach your cost will expand as your data expands," Sugden warns IT Pro readers. "You have to know what data you are dealing with. This means involving the user, getting them to take responsibility. You get an immediate increase in the number of security savvy people for limited cost when you train the users."

"If you understand the unstructured data and you can reduce what you store, this saves money. "If it truly is chaff then you don't need to spend lots of money protecting it," Sugden concludes.

The Big Data lifecycle

Jamal Elmellas, technical director of independent security consultancy Auriga Consulting, argues that the data lifecycle is key. He believes you have to understand the life cycle and then bake in security at the relevant stages.

"There isn't a one-size-fits-all approach, following good security principles is an excellent start, making sure you apply the right amount of security so as to not impede the velocity element of Big Data," Elmellas says.

"Legislation must also be a key consideration, for example the Data Protection Act (DPA) must not be underestimated or forgotten in the quest to deliver the business strategy. The data foot print can be huge and complicated, mapping this process ensures you don't get caught out, especially in regards to sanitising data sets that no longer have any use. Understand the Big Data Lifecycle and the business strategy, build security controls that don't impede the process". [

Don't build it backwards

Marcus J Ranum, chief security officer at Tenable Network Security, warns the enterprise not to repeat the mistakes of the recent past.

"I'm a little unconvinced about Big Data's claims of ROI to begin with. It seems to me that the way it's being pushed is backwards. Whenever I read about Big Data it seems to sound more like build it first, then a whole bunch of magic will happen.' In security, we went through this five years ago, when everyone was being told to buy a SEIM' and (basically) that it would figure out and solve all the organisation's security problems," he says.

"Of course, everyone discovered that in order to get the ROI out of the SEIM they needed to spend a lot of time figuring out what data was in it, managing the SEIM, and programming it. Processes like Big Data and SEIM require knowledge-working analysts and an understanding of the purpose of the data - otherwise the chance of failure is increased considerably."

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.