Manage big data presents a new security challenge that some businesses are not prepared for. It’s different than protecting your network or even protecting a small amount of sensitive information in that the scope is so much larger. Unfortunately, not all businesses realize that. Many try to use the same data protection methods that they’ve always used on larger and larger amounts of data, and that causes issues. More and more businesses are now collecting big data to use in marketing and customer retention. In 2013, for example, the number of businesses collecting big data grew by 58%. That number has only increased every year after.
This increase in data is making more and more businesses targets for hackers. This is especially true for those who aren’t protecting their data as they should be. While changing your data security practices may be costly, it’s nothing compared to what you may have to pay if you experience an attack. A network breach at Target cost the company $1.1 billion. An attack at Sony cost $171 million. There’s no telling how much data or what cost a breach at your company could cost, so it’s better to spend money on preventative measures than it is to take the risk.
The Differences Between Big and Small Data
There are three main points of difference between protecting big data and traditional amounts of data:
- The data itself.
- The technology used to analyze big data.
- The infrastructure for storing big data.
The Data
The sheer amount and variety of data is what makes big data so difficult to manage and keep secure. Another issue for many companies is how quickly they accumulate new data. Some have a large amount of information coming in on a daily basis. That information has to be analyzed, parsed, and secured.
However, the variety of information coming in does make securing it and granting access to it difficult. Every employee likely won’t need access to every type of data you have. That means each data type or source will have to have different access restrictions. This means you’re going to need different security policies for each type. The trick is to balance the access people need with strong security. It’s likely that some employees will need to change their access level at different times depending on what they’re doing, making it even harder to keep up with who has access to what.
One thing some IT teams do is simply give everyone access, but then you have a huge security risk. This should never be done simply because then all it takes is one compromised account for you to lose everything.
Where your data comes from can also present security vulnerabilities. If you have data coming from ten different sources, that gives attackers ten different entry points to your system. You have to keep all of these entrances secured at once.
The Technology
Another challenge is that many tools being used to handle big data weren’t designed for security. NoSQL databases and Hadoop, for example, originally had very little or no security. Hadoop didn’t even have authentication at first, which is one of the most basic network security tips. The vulnerabilities involved in these tools mean you have to either look at using other programs or shoring up the holes in security.
The Infrastructure
Another challenge is found in the infrastructure used to store your data. Many big data storage is done using a distributed model rather than a single database. While this type of environment is much easier to use for big data, it’s more of a challenge to secure. The more servers involved, the more areas of attack there are. This is especially true when the physical servers are in different locations. Physical security then becomes a major concern. You have to make sure only authorized individuals have physical access to each machine.
Then there’s the issue of data being transferred to other locations. You may have offices around the world that need to access information. Securely transmitting that information can be a challenge.
Another issue is that all of your servers may have different configurations. That means some systems may be more vulnerable to attacks than others.
Securing Big Data
Despite the data security challenges that using big data presents, the rewards are more than worth the risk. You simply must make certain that your data is secured. The following list contains a number of different ways to ensure that your data is protected.
- Use Secure Software – Make certain any software you use, especially open-source software, is secure. If it wasn’t built with security in mind, reconsider using it until a secure version is available. You can also add other security programs designed to help increase protection at the application level.
- Monitor and Analyze your Audit Logs – Always look at your audit logs to see what is happening on your servers, especially your big data servers. This will give you an idea of what kinds of attacks you may be victim to on a regular basis.
- Use Real Time Monitoring Software – Install a real time intrusion detection software like Snort (owned by CISCO) so you can see exactly who is trying to access what at any time. This software will help you block those attacks immediately. You’ll also be able to see if any of your accounts have been hacked when they try to access data they do not have access to.
- Secure your Hardware and Software – When configuring new servers, make sure you’ve created a secure image that you can use for all of them. This will keep your server configurations the same, making it easier to protect them. Also, make certain every patch is installed and that only a few users have administrator-level privileges.
- Monitor your Accounts and Use Account Controls – Finally, monitor your user accounts and only give access to those that need it. Require users to use very strong passwords, and deactivate the accounts of any employee who leaves the business right away. Also, lock accounts that have attempted to login using an incorrect password after several tries.
Contributed by: Sheza Gary, a technical director at Algoworks, a global IT service provider which operates chiefly in United States from its California office. She was previously a technical manager at CloudGenix. Sheza has a MBA from California State University, Northridge and a bachelor’s from Boston University.
Sign up for the free insideBIGDATA newsletter.
Hi
Excellent post. Thanks for conveying the importance of keeping a high quality security system for big data. Thanks a lot for sharing this article.