Big data, big security questions
Half of enterprises today store sensitive information within big data environments (up from 31 percent in 2015). Influential agencies like ENISA warn there are considerable cyber risks from using big data tools. There is concern, for example, that such developments are a possible point of compromise and there are calls for increased vigilance and compliance.
As more and more sensitive enterprise information is shared within big data environments so the security challenges for organisations grow. Protection measures can only work when the entire big data environment is secured. In a big data implementation data is remotely accessed by privileged users for analysis. As use of big data spreads VPNs are an important first step in ensuring privileged user access stays secure.
Unstoppable rise of big data
A seemingly endless demand for commercial and government services to be available online is encouraging data owners to share more and more information. So fast is the pace of change that it threatens to outstrip cyber security measures.
Big data poses some big security questions such as how can attackers be kept out, who can access it and how is access controlled when so much information is shared by so many interested parties around the world. The security of big data requires international cooperation on an unprecedented scale and it only takes one weak link in the chain to allow this data to fall into the wrong hands.
Without robust security measures the potential for a serious breach of personal identifiable data increases with every day that passes. Should this happen it will be a sobering reminder of what can happen when security fails to keep pace with the march of progress.
There is also the question of data classification. Failure to classify sensitive data properly could extend the time it takes to detect breaches and hamper any subsequent investigations.
Plenty at stake
Industry experts fear big data systems will increasingly come under assault from threat agents. Attacks are expected to become increasingly elaborate and specialised as they try to pinpoint and exploit any vulnerabilities or weaknesses.
The chances of a successful attack are helped by the high levels of replication in big data storage. Equally helpful is tendency for big data computations to be outsourced to third parties thereby increasing the risk of a breach, leak or data degradation. Big data operators customarily linking different data sets and this too could have serious privacy and data protection ramifications. In short, the impact of any big data breach is likely to be much greater than anything that has gone before.
The challenge is made harder by the fact that interested parties from the world of big data – data owners, analytics specialists and businesses whose computing power and storage services are needed to analyse large volumes of data for insights – are likely to have conflicting interests.
The picture is further complicated by the fact that big data projects almost inevitably intersect with cloud-based services and Internet of Things (IoT) devices. Separate security concerns still surround both these technologies. Such concerns become magnified when the two work in concert. For example, could large, seemingly innocuous sets of IoT data be combined and analysed in conjunction with other information to undermine public privacy.
There are a number of good practices that organisations can adopt to minimise the risks present in using big data tools. High among them are protective measures around DDoS attacks, access controls and encryption.
Encryption has become a primary component of data protection. Every big data initiative should be complemented by an encryption strategy, starting with any information that is deemed to be confidential or sensitive. This data needs to be encrypted at all stages of its life cycle encompassing endpoint devices, while in transit and in storage.
VPN remains one of the most important ways for organisations to control access to data in digital networks. Ways in which VPN can help include:
- providing privileged user access to protected data in the implementation
- ensuring encryption
- forming an integral part of the security framework and controls within the big data environment
In summary, big data projects form a complex ecosystem where security countermeasures must be carefully planned and executed. International bodies like ENISA urge businesses that use software and systems to collect, analyse and use data to embrace "the security-by-default principle" to better safeguard data and systems against privacy and security risks. One of the top recommendations is for big data access to be encrypted. One of the most tried and tested ways to do this is via VPNs.