BigData needs Big Security

The retailer Macy’s Inc. does near real-time pricing for 73 millions items, based on demand and inventory. Wal-Mart Stores Inc. is using a semantic search engine that has improved online shopping with 5%, valued to billions of dollars. The Los Angeles and Santa Cruz police departments, used an algorithm for predicting earthquakes, tweaked it and started feeding it crime BigData. They can now predict where crimes are likely to occur down to 500 square feet. Result is astonishing, with a 33% drop in burglaries and 21% reduction of violent crimes (source). These are just a few examples how Big Data is changing our lives. We must trust our BigData, it should be kept safe and handled in a secure way, all key requirements for implementing Big Security.

BigData is all around us, and much of our daily life goes on within the virtual realm, where we are reduced as persons to no more than a string of zeros and ones. With increased data volume, -variety, -velocity, -veracity, -value and -complexity comes also a stronger dependency to correct and trusted information and increased vulnerability towards unauthorized access and manipulation. Information Operations (IO) are actions taken to affect adversary information and information systems while defending one’s own information and information systems.

Do hackers like BigData? If we put ourselves in the position of an adversary (a cyber criminal, hacker, attacker, invader); do you not agree that he/she would do anything to be able to tap into your high quality BigData? Hackers steal information simply because it’s good business. The better the quality and structure of the targeted data/information, the higher the value of the loot. Most hackers will go after the companies whose data is easily stolen.  If they encounter well protected data, they will move on to an easier target. That’s the simple reason why you need a higher degree of security for your BigData, at least higher than your competitors’.

Why is BigData an attractive resource? BigData contains more structure, links and meaning than simple data/information resources. One hack can therefore lead to other linked data resources or systems. The many links certainly raise the risk, today and even more in future. And it makes it harder to detect how the hack was done and trace the damages. Many companies who have their data compromised in this way do not learn of the problem for months.

Big Security –  OPTIQUE and “Information Workbench” are secure. But you should always remember that the attackers’ loot is your important BigData and Information.  For that reason OPTIQUE related systems will probably be attacked more than others. You never should underestimate any hacker or any hackers’ team. Usually hackers are smart; many of them are excellent IT specialists. And they try hard because they expect big rewards.

Big Security Measure #1 – Understand your risks. A classical cyber security risk approach is to go through C.I.A., identifying Critical (C) resources, protect the Integrity (I) of these resources and ensure a high Availability (A) to them. A risk analysis can be visualized in a Bow-Tie model, where threats and vulnerabilities emanates in a risk event (based on probability) and results in various types of damages; losses, reputation, costs and others. Barriers can then be modeled to help mitigate risks or consequences of risks.

Big Security Measure #2 – Implement an Information Security Management System (ISMS). The next obvious suggestion is to implement an ISMS that can handle the risks of your BigData resources and do it as thoroughly as possible. Make sure that requirements for an ISO/IEC 27001:2013 Information Security Management System are well implemented and understood by the organization. Use a multilayered “holistic” defense approach because you’ll have to deal with holistic Cyber-attacks. Be aware of the many extremes in BigData will need a bunch of extremely good, reliable and clever solutions. A typical implementation is one third devoted to technical solutions and two thirds for organizational necessities such as policies and procedures, continuous planning, training, reviews and risk analysis.

Big Security Measure #3 – Encryption of your BigData. Security of data needs encryption. For emails and documents, software,  files&folders, archives, multi-factor authentication, and more. Security needs a seamless setup and no gaps. If you have 4000 employees it will not work if you buy and implement email encryption for 50 or even 500 employees.

Big Security Measure #4 – Staff Awareness. One should never underestimate the importance of a relevant, engaging and repeated security training for your entire staff. Clever and well educated employees with high security awareness are the best “insurance” against Cyber- aggression. Big Data Security Defense can only be successful if you fully integrate People, Processes and Technology into your defense strategy. If you miss only one of these topics, chances are good that you will face a serious damage of your most valuable information. Security depends on people more than on technology;

  • employees are a far greater threat to information security than outsiders;
  • security is like a chain. It is only as strong as its weakest link;
  • the degree of security depends on three factors: the risk you are willing to take, the functionality of the system and the costs you are prepared to pay;
  • security is not a status or a snapshot, but a running process.

Big Security Measure # 5 – Take Care of Security. Many studies have shown that the cost of an attack outweighs the cost of establishing a sufficient degree of security. All companies will sooner or later try to secure their data and data access tools. Some will be proactive and some will do it after they discover that their data has been stolen. The cost and effort to implement the security systems will be the same.  But the proactive companies will avoid the cost and embarrassment of having their data compromised. There is an old proverb that fits well to Big Security: “You snooze, you lose”. OPTIQUE and a tailor-made security will help you to win.

UlrichUlrich Schniedermeier is Managing Partner of 2U Agentur fuer InformatiosTechnologie GmbH, Munich, Germany. Since more than a decade, 2U-IT serves its customers as Consulting & Service Company for IT Security.

2U-IT is an OPTIQUE Network Partner