Cybersecurity Grabs the Big Data Spotlight
For all the good that big data can bring your company, it also introduces certain risks. Thanks to a growing awareness about the importance of cybersecurity as a result of recent high-profile breaches, businesses will have a harder time ignoring these risks in 2017, technology executives say.
While security professionals have been sounding the alarm over too-lax security policies for years, those calls have largely fallen on deaf ears, in the C-suite as well as among consumers. However, the wider population was treated to a wake-up call about the troubling state of cybersecurity during the 2016 political campaign season.
For starters, American intelligence agencies say a group of Russian hackers known as “Fancy Bear” compromised servers owned by the Democratic Party and released information in an attempt to influence the election. And last month, Chinese hackers, perhaps those affiliated with the communist government’s infamous PLA Unit 61398, are accused of targeting a US aircraft carrier in an attempt to steal data. American companies and government agencies have been fighting cyberwars for years, and now the secret is out.
The premise of this war is simple. If you find data valuable, then it’s likely somebody else will find it valuable too. Raw data is essentially a commodity today that organizations of all stripes can buy, sell, and trade on legitimate and black markets. But the digital nature of this commodity is what makes it so potentially dangerous. While physical commodities like wheat and coal are shipped via supertankers, trucks, and airplanes, data moves easily over the Internet.
Signs point to a growing awareness of the vulnerability of computer systems, storage, and networks, among general consumers as well as technology leaders charged with ensuring the safety of applications and data. Whether your organization stores data on relational or NoSQL databases, distributed or object-based file systems, the security of that data will likely be scrutinized this year like never before.
Hadoop, which was originally developed without built-in security controls, will definitely be getting some attention this year, according to Balaji Thiagarajan, group vice president of big data at Oracle.
“Hadoop security is no longer optional,” Thiagarajan says. “Hadoop deployments and use cases are no longer predominantly experimental. Increasingly, they’re business-critical to organizations like yours. As such, Hadoop security is non-optional. You can expect to deploy multilevel security solutions for your big data projects in the future.”
While the Hadoop community is making fast progress in retrofitting the big data platform with security capabilities via open source projects like Apache Sentry, Apache Ranger, Project Rhino—as well as through proprietary projects like Cloudera Manager and vendors like Zaloni, Dataguise, Zettaset, and others—additional care must be taken by the Hadoop user to ensure the data is used in a secure manner.
“Security concerns will force enterprises to take a second look at their data lake initiatives,” says Steve Wilkes, co-founder and CTO at real-time analytics provider Striim. “Current practices that dump raw log files with unknown and potentially sensitive information into Hadoop will be replaced by systematic data classification, encryption, and obfuscation of all long-term data storage.”
Companies are beginning to realize they must lock down their systems of engagement as well as they’ve locked down their systems of record (although in many cases, the systems of record are dangerously vulnerable too). A recent survey by BI-on-Hadoop vendor AtScale found that accessibility, security, and governance are now the fastest growing areas of concern. Worries related to data governance, in particular, are growing the fastest, according to AtScale, which reported that 21% more respondents highlighted governance as a concern in 2016 compared to 2015.
Digital transformation is one of the most powerful forces driving companies to architect their computer systems. As they adopt new systems, however, gaps in the security protections are emerging, which cybercriminals are only too willing to exploit.
A recent report by Forbes Insights and BMC says the extent of this disruption is undeniable. “69% of senior executives recently surveyed by Forbes Insights and BMC believe that digital transformation is forcing them to rethink their cybersecurity strategies,” the companies said in a report released today titled “Enterprises Re-Engineer Security in the Age of Digital Transformation.”
“The focus is shifting from securing systems to securing vital data that resides within them,” said Bruce Rogers, Chief Insights Officer at Forbes Media. “Cloud and mobile technologies also add complexity to the challenges involved.”
Going On Offense
While defensive measures like encryption, data masking, authentication, and authorization are all necessary and good for Hadoop, there’s also a booming market for taking more offensive security tactics in the distributed platform. That is, customers will increasingly look to leverage their big data processing capability and advanced behavioral analytic models to weed through the logs and proactively spot the bad guys who are either trying to break into the network, or are already there.
“Cybersecurity will be the most prominent big data use case” in 2017, predicts Quentin Gallivant, CEO of Pentaho, which is now owned by Hitachi Data Systems. “As with election polls, detecting cybersecurity breaches depends on understanding complexities of human behavior. Accurate predictions depend upon blending structured data with sentiment analysis, location and other data.”
However, the increasingly decentralized nature of connected systems poses a major challenge to security. The denial of service (DoS) attack that brought down large swaths of Netflix and PayPal’s service last fall was launched from unprotected smart devices connected to the Internet. Security experts warned that that DoS attack was likely a trial run for a larger attack.
Moshe Ben Simon, co-founder and vice president of services for Trapx Labs, which discovered that cybercriminals had attempted to exploit security flaws in medical devices used by hospitals last year, says IoT attacks will surge in 2017.
“Most IoT devices manufactured today have no integrated cyber defense and do not allow third parties to install security software,” Ben Simon warns. “To address this concern, manufacturers recommend that security for IoT devices is achieved by ‘installing behind a firewall,’ which is no longer a guarantee of safety in today’s environment. Once IoT devices are compromised, they can then provide a ‘back door’ that serves as a clandestine communications channel for months before discovery.”
Blockchain and GDPR
For all the doom and gloom, there are bright spots emerging in the security arms race in the form of Blockchain, an emerging digital ledger that uses transparency to ensure the integrity of transactions that use cryptocurrency like bitcoin, and the European Union’s General Data Protection Regulation (GDPR).
“The emergence of Blockchain coupled with advances in consumer technology devices, cloud computing and security measures will alter the current data ownership paradigm from centralized to decentralized,” says Jans Aasman, CEO of Franz.
Early efforts include projects in healthcare and social media, he says. “In a project known as Solid, Tim Berners-Lee and his MIT cohorts are working to return ownership of social media data to the users that create them,” Aasman says. “In healthcare there is a growing desire for patients to control their own medical records based on the view from medical practitioners that patient care and quality of life is directly influenced by the ability of patients to access and utilize their data. This view is core to the Precision Medicine Initiative.”
Giving users control over their own data is a foreign concept to most Americans, but it will soon be the reality in Europe, which is working to put the new consumer-friendly GDPR fully into law by 2018.
According to Ramon Chen of Reltio, moving to the cloud could actually boost security and adherence to laws like GDPR, which impacts only American companies with European customers, but not American consumers. “With requirements such as the GDPR now in effect, companies not only have to ensure that their data is physically housed in the right geographic centers, but that the access complies with the most stringent regulations related to personal access and approvals for use of that data,” he says. “Partnerships and use of Amazon Web Services, Google Cloud, and Microsoft Azure go a long way to providing the confidence and flexibility that many companies are looking for.”
People and organizations may not be where they need to be with respect to cybersecurity at the moment. But if the current trend of greater realization of the real vulnerabilities of our data and systems continues to play out, it will only benefit law-abiding netizens in the long run.