Keith prabhu  global high on cloud summit
Upcoming SlideShare
Loading in...5

Like this? Share it with your network


Keith prabhu global high on cloud summit






Total Views
Views on SlideShare
Embed Views



2 Embeds 21 20 1



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Keith prabhu global high on cloud summit Presentation Transcript

  • 1. www.confidis.coTechnology ConsultingBig DataSecurity & PrivacyJune 13, 2013Keith PrabhuMaster of Business (Australia), CCSK, MBCI, CISSP, CISAExecutive Director, Confidis Advisory ServicesFounder & Director, Cloud Security Alliance, Mumbai Chapter
  • 2. www.confidis.coSTORYLINEWhat is Big DataWhy is it soexciting?Key ConcernsSecurityPrivacyMeasures
  • 3. www.confidis.coWhat is Big Data• The world in creating ever more data• Data created:• 150 exabytes in 2005• Exabyte is a BILLION gigabytes = 10BILLION copies of the Economist• 1200 exabytes in 2010• 35000 exabytes in 2020 (forecast by IBM)• You know Big Data when you see it…• Traditional RDBMS cannot be used tomanage itBig, Cheap, Easy Data Management is Big Data!
  • 4. www.confidis.coWhy is it so exciting?• Law Enforcement: Big Data is being usedto predict crimes in Los Angeles• Healthcare: Google Flu Trends predictsand locates outbreaks of flu• Retail: Used in retail management bycompanies like Wal-Mart• Online: Online analytics like Amazon’s“Customers Who Bought This Also Bought”feature• Electricity grids: Big Data analysis ofSmart Grid data• Share trading: Beating the share marketthrough use of sophisticated data analyticsusing Big Data• Traffic Management,• Payments….the list goes on…
  • 5. www.confidis.coKey Concerns - DefiningIT SecurityPrivacyPrivacy is the ability of anindividual or group• to seclude themselves• or information aboutthemselves• and thereby revealthemselves selectivelySource: wikipedia• Confidentiality• Integrity• Availability
  • 6. www.confidis.coPrivacy Issues• Incentivizes collection and longer retention of data• Aggregation and mining of combined data sets violatesprivacy• People don’t know how much data is being collected andhow it is being used• It makes big institutions “knowledge-powerful”• Widens the gap between have’s and have-not’s• Inferences based on data analysis can be used to treatpeople unfairly• Incorrect inferences can be used by law enforcement• Will lead to chilling effects, due to being under amacroscope Source: Eight Problems With “Big Data”, ACLU,, April 2012
  • 7. www.confidis.coRecommended Measures• De-identification of data• Legal guarantees• Data minimization• Data transparency• Data Security• Incentivize data providers (people)• Disclosure of logic used to arrive at inferencesSource: Big Data for All: Privacy and User Control in the Age of Analytics,Northwestern Journal of Technology and Intellectual Property
  • 8. www.confidis.coSecurity - IssuesSource: Top Ten Security and Privacy and Security Challenges for Big Data, Cloud SecurityAlliance
  • 9. www.confidis.coSecurity – Architectural IssuesSource: Securing Big Data: Security Recommendations for Hadoop & No SQL Environments,Securosis• Distributed nodes• ‘Sharded’ data• Data access/ownership• Inter-node communication• Client interaction• NoSecurity
  • 10. www.confidis.coSecurity – Operational IssuesSource: Securing Big Data: Security Recommendations for Hadoop & No SQL Environments,Securosis• Data at rest protection• Administrative data access• Configuration and patch management• Authentication of applications and nodes• Audit and logging• Monitoring, filtering, and blocking• API Security
  • 11. www.confidis.coRecommended Measures• Use Kerberos for node authentication• Use file layer encryption• Use key management• Deployment validation• Logging!• Use secure communicationSource: Securing Big Data: Security Recommendations for Hadoop & No SQL Environments,Securosis
  • 12. www.confidis.coCSA – Big Data Initiatives 2013
  • 13. www.confidis.coCloud Security Alliance• Global, not-for-profit organization• Over 45,000+ individual members, 100+ corporatemembers• Building best practices and a trusted cloud ecosystem• Agile philosophy, rapid development of appliedresearch− GRC: Balance compliance with risk management− Reference models: build using existing standards− Identity: a key foundation of a functioning cloudeconomy− Champion interoperability− Advocacy of prudent public policy“To promote the use of best practices for providingsecurity assurance within Cloud Computing, andprovide education on the uses of Cloud Computing tohelp secure all other forms of computing.”Join: Cloud Security Alliance, Mumbai Chapter on LinkedIn(
  • 14. www.confidis.coThank You!
  • 15. www.confidis.coContact UsFor any furtherinformation,please contact:Keith PrabhuExecutive DirectorConfidis Advisory ServicesPrivate LimitedEmail: info @ confidis DOT co