Chris J Powell

Big Data – Is your Data Secure Enough?

We all know that when looking for answers, it is best to have the most Data to help formulate the decision.  When it comes to analyzing Big Data Sets the same is true and through the use of new and emerging Data Discovery Tools, users are able to leverage structured, semi-structured and un-structured Data to help with their queries.

If the case of having access to more Data is always better…the challenge for IT is to both locate and then pinpoint the locations of the critical data needed by the Business Intelligence Users to build their queries and assist in the decision making process.   Beyond the type of structure that applies to the Data being queried is also the Data Governance that protects that data.

The keepers of the Data in IT do not only have to contend with a more sophisticated user base needing access to more Data, the Data Classification and Data Governance with SOX, HIPAA, PCI and GLBA coming in to play to restrict access to certain types of Data.  This tight rope act makes to role of Data Police even more vital to the success of an organization.

I thought about the use case for the moniker that all information should be FREE (an old Hacker call to action) and thought about the actions and inaction of certain companies who “allowed” their Data to be set free to hackers.  I am thinking of Sony with its repeated Data  Breaches and when I did a search on this topic I located a report from Verizon Business titled “2012 Data Breach Investigations Report“.  In this report a surprising statistic emerged…already in 2012 there have been 885 REPORTED Data Breaches with the loss of 175 Million Compromised Records.

The path to Big Data is paved with great intentions…but the reality is, Cyber Crime has littered this road with hulking wrecks of Security faux pas and outright gaffs.

So why in the world would any sane IT Manager or Data Specialist provide users with more access to potentially sensitive Data…well businesses continue to move forward and rarely look to the past for the guidance that history has warned us that we will be doomed to repeat.  The need for quality data to support decisions that are happening in real time, require a balance between security and discovery…and discovery seems to be winning out over security.

The Balanced approach is needed.  The Verizon Business Report shows that only 4% of Data Breaches come from internal Staff and less than 1% come from business partners so the internal threat while real is far less a challenge…so what about the other 95%?  That seems to come from a combination Hacking and Malware.  The hardening of your Network and use of effective Anti-Malware technologies can go a long way to protect against a Breach but will that ever bring your Threat Matrix down to zero…not likely.  Simple Risk Management process that focuses on Risk Tolerance tells us that with an unlimited budget…all risk can be mitigated but the reality is…unlimited budgets do not exist and a balanced approach that does the most for the least is the best method.

In the report, there were several recommendations made that support the Risk Tolerence Model:

Smaller Organizations

  • Implement a Firewall or ACL on remote access services
  • Change default credentials on POS systems and other internet-facing devices
  • If a third party vendor is handling the two items above, make sure they’ve actually done them

Larger Organizations

  • Eliminate unnecessary data; keep tabs on what’s left
  • Ensure essential controls are met; regularly check that they remain so
  • Monitor and mine event logs
  • Evaluate your threat landscape to prioritize your threat strategy

I left out the final recommendation for larger organizations which flows through the indicators and mitigators for the most common threats.  I do disagree with the distinction that Verizon made between Small and Large organizations though.  I think that the recommendations for Larger Organizations could and should be reviewed by EVERY organization.  The major difference being the ability and depth that they can be completed…but this is also the issue with scope and scale for a smaller company…less people, less content and less budget but it Threat Landscapes are key for all IT Professionals.

So, what may have started out as a glance at Data Discovery turned out to be a focus on Data Security.  It sometimes surprises me where the rabbit hole leads me when I start to build out the content each day.


Chris J Powell

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.