As organizations and CIOs attempt to create order from chaos, big data often lands within the organizational crosshairs. Although the concept has been a bit overhyped over the last few years—it’s the results that matter and not the size of the data set, after all—it’s increasingly at the center of digital transformation and success.
As Goutham Belliappa, Principal for Insights and Data at Capgemini, puts it: “Leaders are putting it to use more and more. They recognize that big data represents value when it is used effectively.” Adds Scott Schlesinger, principal at EY’s IT Advisory in the Americas: “The field has matured to the point where it now represents next-generation analytics.”
The challenge, of course, is focusing the microscope to obtain useful results. But equally vexing for many organizations is putting essential security and privacy protections in place. A new handbook from the Cloud Security Alliance (CSA), The Big Data Security and Privacy Handbook: 100 Best Practices in Big Data Security and Privacy, offers insights into this increasingly daunting task.
“Today, big data is cheaply and easily accessible to organizations large and small through public cloud infrastructure,” said J.R. Santos, Executive Vice President of Research for the CSA. “As big data expands through streaming cloud technology, traditional security mechanisms tailored to secure small-scale, static data on firewalled and semi-isolated networks are inadequate.”
Next-generation analytics’ unique security concerns
The situation isn’t going to get any easier in the months and years ahead. The Alliance estimates that the volume of data generated is expected to double every two years from 2,500 exabytes in 2012 to 40,000 exabytes in 2020. “Large-scale cloud infrastructures, diversity of data sources and formats, the streaming nature of data acquisition and high-volume, inter-cloud migration all play a role in the creation of unique security vulnerabilities,” it noted.
Among the key topics the report addresses: secure computations in distributed programming frameworks, including trust and de-identifying data; secure best practices for non-relational data stores, including protecting passwords and safeguarding data at rest; securing data storage and transactions logs; and real-time security/compliance monitoring. Moreover, the handbook provides specific insights and suggestions about how to implement various best practices.
As CIOs, CSOs and other business and IT leaders wade deeper into big data, it’s critical to formulate an organizational framework for data governance and use. A highly integrated set of policies and procedures are paramount. Concluded Santos: “Security and privacy issues are magnified by this volume, variety and velocity of big data.”