In this special guest feature, Eric Tilenius of BlueTalon highlights the four main reasons why companies should adopt data-centric security. Eric Tilenius is CEO of BlueTalon, a leading provider of data-centric security for Hadoop, SQL, and big data initiatives. The BlueTalon Policy Engine delivers precise, consistent, and dynamic user access controls to effectively protect sensitive data in hybrid environments, giving enterprises unparalleled flexibility in the management of their data resources. Eric is an experienced technology executive who has led multiple technology companies to success. Prior to joining BlueTalon, he was an executive-in-residence at Scale Venture Partners.
The stark reality for enterprise security is that hackers continue to operate almost at will, bypassing defenses, and causing data breaches that have significant impact on consumers, businesses and governments. It’s fair to assume that if hackers want to get into your networks, they’re going to get into your networks.
While much focus is placed on network security, endpoint protection, and perimeter defenses, compromised valid credentials continue to be one of the single greatest causes of data breaches. One compromised account led to one of the largest data breaches reported in the U.S. in 2015. Once hackers access valid user credentials, they operate undetected and can steal all the data the user is entitled to. In the case of big data, this can be devastating.
Faced with the threat of data breach, data-centric security has emerged as a proven line of defense to protect what matters most – the data itself. Securing perimeter networks, servers and applications will remain imperative, but it is no longer sufficient.
Data-centric security is grounded in the four characteristics below, enabling enterprises to control who has access to what data and securely taking big data projects to production:
Precise data authorization, based on business needs
In a survey conducted by the Ponemon Institute (pdf), 71 percent of corporate users stated that they had access to data they shouldn’t be able to see. Hackers exploit this gap in security controls, target employees using simple means like phishing and social engineering, and get access to massive amounts of data. Data-centric security ensures employees only have access to the subset of data they need to perform their job, thereby limiting the amount of exposure in a single breach.
Centralized policies, but distributed enforcement
Data environments keep growing in scope and complexity: recent research from Pentaho shows that the majority of businesses blend 50 or more sources in their analytics environment. Relying on a fragmented approach to control data access can rapidly turn into a security chaos. Data-centric security brings along a more scalable approach where policies are centralized and defined once, but deployed and enforced locally, directly at the repository level. This ensures consistency and delivers unparalleled flexibility in the management of data resources.
Dynamic data masking to protect sensitive data
Unlocking the value of the data collected is on the agenda of every big data project. To maximize users’ access to data, without exposing sensitive data to inappropriate use, enterprises should use dynamic data masking capabilities that no longer require duplication. Similarly, using dynamic data masking allows developers and QA staff access to the data project they support without giving them full access to data they are not authorized to see.
Auditing of data usage to flag unusual data requests
Auditing data usage and monitoring data requests immediately augments the defenses of any organization. Well-crafted policies can detect and even block anomalous user behaviors while real-time auditing will help identify unusual data access attempts and potential intrusions.
With data-centric security, enterprises are better positioned to protect sensitive data while unlocking the full value of big data initiatives. End users gain access to all the data they need to do their job. Security staff can more easily ensure the management and consistency of security policies across the enterprise regardless of applications in use. Most importantly, organizations gain flexibility in the deployment of data resources. This is a big step for any enterprise working to limit the risk of a data breach—and a huge leap towards removing security as one of the last barriers to the adoption of big data.