
Big data, big security

Editorial Type: Opinion     Date: 01-2015







When it comes to Big (unstructured) data, security is a process and not an objective. Guillermo Lafuente, Security Consultant at MWR InfoSecurity, explains.

The storage of big data can be a challenge in terms of security, for many reasons. Not only does the amount of data stored have a direct effect on the consequences of a breach, but it also influences the strategic and tactical approaches that should be taken to ensure compliance and privacy.

When producing information for big data, organisations have to ensure that they have the right balance between the utility of the data and its privacy. This follows a process of anonymising the data, encrypting it, putting proper access controls in place with security monitoring and risk assessment, and then making sure that storage complies with local regulations.

ANONYMISING DATA
Before the data is stored it should be adequately anonymised, which involves removing any unique user identifiers. This in itself can be a security challenge, as removing unique identifiers might not be enough to guarantee that the data will remain anonymous. The anonymised data could be cross-referenced with other available data using techniques to de-anonymise it. To combat this, it must also be encrypted.
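
The gap described above, between removing unique identifiers and actually being anonymous, can be measured before data is stored. The following is an added example, not part of the original article: it uses k-anonymity (a standard measure the article does not name) over constructed records with assumed field names, and shows how coarsening the remaining fields changes the result.

```python
from collections import Counter

# Constructed sample: names and customer IDs are already stripped, but
# quasi-identifiers (postcode, birth year, sex) remain next to the sensitive field.
RECORDS = [
    {"postcode": "RG21 4HG", "birth_year": 1971, "sex": "F", "diagnosis": "asthma"},
    {"postcode": "RG21 7QW", "birth_year": 1975, "sex": "F", "diagnosis": "diabetes"},
    {"postcode": "RG21 3AB", "birth_year": 1978, "sex": "F", "diagnosis": "asthma"},
    {"postcode": "RG22 5TN", "birth_year": 1983, "sex": "M", "diagnosis": "hypertension"},
    {"postcode": "RG22 6PL", "birth_year": 1988, "sex": "M", "diagnosis": "asthma"},
    {"postcode": "RG22 4XY", "birth_year": 1984, "sex": "M", "diagnosis": "diabetes"},
]
QUASI_IDENTIFIERS = ("postcode", "birth_year", "sex")  # assumed field names


def group_sizes(records, keys=QUASI_IDENTIFIERS):
    """Count how many records share each combination of quasi-identifier values."""
    return Counter(tuple(r[k] for k in keys) for r in records)


def k_anonymity(records, keys=QUASI_IDENTIFIERS):
    """Smallest group size; k == 1 means at least one record is unique."""
    return min(group_sizes(records, keys).values(), default=0)


def unique_records(records, keys=QUASI_IDENTIFIERS):
    """Records whose quasi-identifier combination appears exactly once."""
    sizes = group_sizes(records, keys)
    return [r for r in records if sizes[tuple(r[k] for k in keys)] == 1]


def generalise(record):
    """Coarsen quasi-identifiers: outward postcode only, birth year to decade."""
    out = dict(record)
    out["postcode"] = record["postcode"].split()[0]
    out["birth_year"] = record["birth_year"] // 10 * 10
    return out


if __name__ == "__main__":
    coarse = [generalise(r) for r in RECORDS]
    print("raw:         k =", k_anonymity(RECORDS), "unique =", len(unique_records(RECORDS)))
    print("generalised: k =", k_anonymity(coarse), "unique =", len(unique_records(coarse)))
```

Every raw record is unique on postcode, birth year and sex even though no name or ID is present, so any outside data set holding those three fields could single out a person; after generalisation each record shares its combination with two others.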

ENCRYPTION
Both the raw data and the outcome from analytics should be adequately protected with encryption. In the case of cloud services, data cannot be sent encrypted by the users if the cloud needs to perform operations on the data. A solution for this is to use Fully Homomorphic Encryption (FHE). This allows operations to be performed on cloud-based, encrypted data, so that new encrypted data will be created on completion. In addition, you must protect communications: data in transit should be adequately protected to ensure its confidentiality and integrity.

ACCESS CONTROL AND SECURITY MONITORING
Adequate access control mechanisms will also be important in protecting data. Access control has traditionally been provided by operating systems or applications restricting access to the information, which typically exposes all the information if the system or application is hacked. A better approach is to protect the information using encryption that only allows decryption if the entity trying to access the information is authorised by a dependable access control policy.

One problem that may need to be overcome is that software commonly used to store big data, such as Hadoop, doesn't always come with default user authentication. This makes access control a little trickier, as a default installation would leave the information open to unauthenticated users. By using real-time security monitoring, access to the data can be monitored and threat intelligence applied in order to prevent unauthorised data access.

RISK ASSESSMENT AND COMPLIANCE
Organisations should undertake risk assessment over collected data and consider if they have collected customer information that should be kept private. If so, they need to establish adequate policies that will protect that data and the clients' right to privacy. They should also carefully account for regional laws around handling customer data, such as the EU Data Directive.

If the data is shared with other organisations then careful consideration needs to be given to how this is done. Deliberately released data that turns out to infringe privacy can have a huge impact on an organisation, including both reputational and economic consequences. Anyone using third-party cloud providers to store or process their data needs to ensure that their providers actually comply with regulations.

The main challenge introduced by big data is how to identify sensitive pieces of information that are stored within the unstructured data set, so it is crucial to bear in mind that security is a process, not a product. Therefore, organisations using big data will need to introduce adequate processes and apply traditional information lifecycle management that helps them effectively balance managing and protecting the data, as well as their customers' privacy.
