Big data protection - how to start and minimize possible risks?
Previously, only large-scale organizations, for example, government agencies or large enterprises, could afford serious infrastructure for storing and analyzing Big Data. Today, as technology becomes more and more accessible, big data is becoming more and more diverse in various fields. At the same time, as in the case of many other new technologies, the development of big data not only opens up opportunities, but also involves many difficulties, and many organizations are wondering how they should best deal with the accumulated data?
One of the most difficult tasks is to analyze Big data in order to get a general picture and ideas that contribute to making better decisions and improving business efficiency. Instead of relying on the analysis carried out by specialists, modern organizations are increasingly using machine learning technologies and cognitive technologies that often allow for more efficient use of big data.
The report of the Cloud Security Alliance, published under the “Big Data Security and Privacy Guide: 100 Best Practices Guide”, reports that information security vulnerabilities are determined by the diversity of sources and formats of large data, the streaming nature of data collection, and the need to transfer data between distributed cloud infrastructures . In addition, large amounts of such data contribute to an increase in the attack surface.
')
In other words, the very attributes that actually define Big Data are the factors that influence the vulnerability of the data: a large amount, a variety of sources and formats, and their transfer speed.
The usefulness and confidentiality of data are often mutually exclusive concepts. Of course, if we provide all users with free and free access to the data, the interested parties will make the most complete and effective use of this data. But this can hardly be called the right decision. Fortunately, a reasonable balance can be achieved between providing the necessary data access and restricting unauthorized access.
Ensuring security and encrypting large amounts of data is not an easy task. According to Gemalto 2015 Breach Level Index data leakage severity index, today more and more organizations are not able to prevent data leaks and protect their information assets, regardless of the size of these assets.
The authors of the Data Security and Privacy Guidelines claim that “traditional security mechanisms designed to protect small amounts of static data located behind firewalls in semi-isolated networks are no longer enough to protect against modern threats.”
Security solutions should not affect system performance and should not lead to delays. Anyway, high speed data access is one of the key defining characteristics of Big Data.
Often, working with big data involves the processing of publicly available data — for example, about the nature of traffic or population statistics. The common solution in this case is to anonymize the data. But unfortunately, this is not enough.
In the same way as in the case of organizations' IT assets, when perimeter protection technologies are no longer able to provide an adequate level of security, Big Data has already “grown” out of the techniques that were used to protect data at the very beginning of the development of these technologies. Today, anonymization does not provide a sufficient level of security, especially against the background of the emergence of all new data arrays, as a result of which it becomes possible to combine these data sets to extract personal information. And, of course, anonymization has never been an effective way to protect large amounts of proprietary data.
However, among the best practices mentioned in the CSA Guidebook is the need to eliminate the possibility of de-identify data . All personally identifiable information (personally identifiable information, PII), including names, addresses, insurance numbers, etc. must either be hidden (mask) or removed from this data.
Although the de-identification procedure itself, as a result of which it is impossible to extract data from the received data files for identification, is not sufficient, it may be an important and effective element of a larger security strategy.
Although leak prevention is still one of the important elements of IT security strategy, this measure also does not completely solve the problem. According to the “2016 Data Security Confidence Index” confidence index, despite the growing number of data leaks and more than 3.9 billion stolen records worldwide over the past three years, two thirds of IT managers expect unauthorized users to access their networks, but the manual does not allocate special means for data encryption.
Based on research, the Gemalto Breach Level Index made the following recommendations: “A modern security strategy involves changing the thinking paradigm and includes implementing solutions that allow you to control access and authenticate users, provide encryption of all critical data , and secure management and storage of all encryption keys. "
As with any other aspect of information security, big data security should involve a multi-layered approach to ensure maximum efficiency. Security should be considered as a complex of different levels, which includes not only efforts to prevent leaks, but also measures to mitigate the effects of leaks.
Organizations should protect data, not just the perimeter, and all this should be carried out simultaneously with measures aimed at ensuring the safety of leaks, which implies both the protection of the data itself and the protection of users working with this data. In addition, organizations should provide secure storage and management of all encryption keys, as well as access control and user authentication.
Sadly, if you try to build up a proper backdating of big data, it can be more difficult than if you organize such protection right from the start. Comprehensive, comprehensive protection involves not only data encryption during their life cycle — during storage and during movement, but also their protection from the very beginning of your Big Data project.
Today, security issues are too often relegated to the background, they are reluctant to deal with, and security procedures are perceived as an annoying delay when you launch a new application or project. But if from the very beginning you pay due attention to this issue and implement a comprehensive program for encrypting big data with several complete protection rings, this will help minimize the risks to your business and save you from the many unpleasant consequences that data leakage can cause - as users and companies.
One of the most difficult tasks is to analyze Big data in order to get a general picture and ideas that contribute to making better decisions and improving business efficiency. Instead of relying on the analysis carried out by specialists, modern organizations are increasingly using machine learning technologies and cognitive technologies that often allow for more efficient use of big data.
Sources of Information Security Vulnerability
The report of the Cloud Security Alliance, published under the “Big Data Security and Privacy Guide: 100 Best Practices Guide”, reports that information security vulnerabilities are determined by the diversity of sources and formats of large data, the streaming nature of data collection, and the need to transfer data between distributed cloud infrastructures . In addition, large amounts of such data contribute to an increase in the attack surface.
')
In other words, the very attributes that actually define Big Data are the factors that influence the vulnerability of the data: a large amount, a variety of sources and formats, and their transfer speed.
Seeking a balance between accessibility and access restrictions
The usefulness and confidentiality of data are often mutually exclusive concepts. Of course, if we provide all users with free and free access to the data, the interested parties will make the most complete and effective use of this data. But this can hardly be called the right decision. Fortunately, a reasonable balance can be achieved between providing the necessary data access and restricting unauthorized access.
Ensuring security and encrypting large amounts of data is not an easy task. According to Gemalto 2015 Breach Level Index data leakage severity index, today more and more organizations are not able to prevent data leaks and protect their information assets, regardless of the size of these assets.
The authors of the Data Security and Privacy Guidelines claim that “traditional security mechanisms designed to protect small amounts of static data located behind firewalls in semi-isolated networks are no longer enough to protect against modern threats.”
Security solutions should not affect system performance and should not lead to delays. Anyway, high speed data access is one of the key defining characteristics of Big Data.
Privacy Protection
Often, working with big data involves the processing of publicly available data — for example, about the nature of traffic or population statistics. The common solution in this case is to anonymize the data. But unfortunately, this is not enough.
In the same way as in the case of organizations' IT assets, when perimeter protection technologies are no longer able to provide an adequate level of security, Big Data has already “grown” out of the techniques that were used to protect data at the very beginning of the development of these technologies. Today, anonymization does not provide a sufficient level of security, especially against the background of the emergence of all new data arrays, as a result of which it becomes possible to combine these data sets to extract personal information. And, of course, anonymization has never been an effective way to protect large amounts of proprietary data.
However, among the best practices mentioned in the CSA Guidebook is the need to eliminate the possibility of de-identify data . All personally identifiable information (personally identifiable information, PII), including names, addresses, insurance numbers, etc. must either be hidden (mask) or removed from this data.
Although the de-identification procedure itself, as a result of which it is impossible to extract data from the received data files for identification, is not sufficient, it may be an important and effective element of a larger security strategy.
The need to encrypt big data
Although leak prevention is still one of the important elements of IT security strategy, this measure also does not completely solve the problem. According to the “2016 Data Security Confidence Index” confidence index, despite the growing number of data leaks and more than 3.9 billion stolen records worldwide over the past three years, two thirds of IT managers expect unauthorized users to access their networks, but the manual does not allocate special means for data encryption.
Based on research, the Gemalto Breach Level Index made the following recommendations: “A modern security strategy involves changing the thinking paradigm and includes implementing solutions that allow you to control access and authenticate users, provide encryption of all critical data , and secure management and storage of all encryption keys. "As with any other aspect of information security, big data security should involve a multi-layered approach to ensure maximum efficiency. Security should be considered as a complex of different levels, which includes not only efforts to prevent leaks, but also measures to mitigate the effects of leaks.
Organizations should protect data, not just the perimeter, and all this should be carried out simultaneously with measures aimed at ensuring the safety of leaks, which implies both the protection of the data itself and the protection of users working with this data. In addition, organizations should provide secure storage and management of all encryption keys, as well as access control and user authentication.
Comprehensive data protection
Sadly, if you try to build up a proper backdating of big data, it can be more difficult than if you organize such protection right from the start. Comprehensive, comprehensive protection involves not only data encryption during their life cycle — during storage and during movement, but also their protection from the very beginning of your Big Data project.
Today, security issues are too often relegated to the background, they are reluctant to deal with, and security procedures are perceived as an annoying delay when you launch a new application or project. But if from the very beginning you pay due attention to this issue and implement a comprehensive program for encrypting big data with several complete protection rings, this will help minimize the risks to your business and save you from the many unpleasant consequences that data leakage can cause - as users and companies.
Source: https://habr.com/ru/post/320214/
All Articles