FIVE BIG DATA SECURITY PITFALLS TO AVOID AS DATA BREACHES RISE
Jeremy Stieglitz
Vice President, Product Management

Big data can deliver big advantages. Platforms, including Hadoop and NoSQL, can hand companies unprecedented analytics, significant cost savings, and performance advantages over traditional architectures such as data warehouses and data marts. In addition, many web-based companies prefer NoSQL because of its proven advantages in data flexibility, scalability and performance.

But big data also has a dark side that companies need to guard against. As big data technologies are deployed more frequently by a greater number of companies, many are not using a consistent and comprehensive approach to identify their sensitive data and protect it from a breach. Recent attacks on companies including Sony, Anthem, Target and JPMorgan Chase [1] demonstrate how significant the financial impact of data breaches can be. To understand where data is vulnerable and protect against external and internal threats, companies need to take a second look at how their data is secured.

Information security threats are real and changing rapidly, with security organizations struggling to keep up with the changing nature, complexity and scale of attacks. The high-profile attacks of 2014 were proof points that the threat landscape is rapidly mutating as attackers find even more devious ways to bypass security controls. Security and compliance managers are focused on this rapidly evolving landscape and developing capabilities for handling new threats.

This isn’t a straightforward task. Securing big data involves multiple barriers and challenges. Transition speeds, data volume and the number of environments across large distributed installations all continue to increase. The diversity of data sources and data types and the streaming nature of data acquisition are also ramping up.

[1] Credit Union Times, “10 Biggest Data Breaches of 2014,” Robert McGarvey, http://www.cutimes.com/2014/10/06/10-biggest-data-breaches-of-2014-so-far?page=11
DATAGUISE, INC.
2201 WALNUT AVE. STE 260
FREMONT, CA 94538
877.632.0522

Risks persist for the many companies that still rely on security measures such as perimeter-based security or stock data protection. These traditional solutions are designed for static data, so they leave gaps in protection and expose sensitive data to potential threats.

What other pitfalls should be avoided when trying to protect big data? Here are five common mistakes that leave companies at risk.

1. RUNNING DATABASES IN A “TRUSTED” ENVIRONMENT

Many organizations run Hadoop or NoSQL databases in a trusted environment, buried behind existing corporate security solutions and firewalls. While this may provide a measure of protection against external threats, it creates dangerous vulnerabilities to insider attacks. Companies using this approach should consider implementing insider threat mitigation at both the data and physical levels, also taking steps to protect computers and servers. As recent attacks have proven, a disgruntled employee with system access can cause enormous damage to a company’s brand, customer trust and financial bottom line.

2. LOOSE ACCESS CONTROL

Higher levels of access to sensitive data translate into a higher potential for a breach. Limiting employees to the amount of access they need to do their jobs and organizing physical workspaces with access barriers requiring the proper credentials are important ways to reduce internal threats. Consider ratcheting down access, limiting the number of “need to know” employees who have access to conduct management, monitoring and analytics.

3. STATIC PROTECTION SCHEMES

Traditional static data protection solutions can leave unencrypted/unmasked sensitive data exposed during migrations out of secure storage volumes to networked devices. This is an outdated technique for today’s enterprise environments that increases exposure to both internal and external threats, depending on where and how the data is moved. Changing to a dynamic data protection strategy allows organizations to apply rules based on user access levels for the encryption or masking of data as it is being accessed, so sensitive data remains secure.

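The access-time rule described above can be sketched as follows. This is an added example, not code from the whitepaper or from any Dataguise product; the access levels, field classes, policy table and sample record are all hypothetical and constructed for illustration.

```python
# Assumption: fields were classified beforehand (for instance by a discovery scan).
FIELD_CLASS = {
    "customer_id": "public",
    "city": "public",
    "email": "pii",
    "ssn": "pii_high",
    "card": "pci",
}

# Hypothetical access levels -> action per data class, evaluated on every read.
POLICY = {
    "analyst": {"public": "clear", "pii": "redact", "pii_high": "redact", "pci": "redact"},
    "support": {"public": "clear", "pii": "clear", "pii_high": "mask", "pci": "mask"},
}

REDACTED = "[REDACTED]"


def mask(value, keep=4):
    """Hide all letters/digits except the last `keep`, preserving separators."""
    text = str(value)
    positions = [i for i, c in enumerate(text) if c.isalnum()]
    # Values too short to mask partially are hidden completely.
    visible = set(positions[-keep:]) if keep and len(positions) > keep else set()
    return "".join(
        c if (not c.isalnum() or i in visible) else "*" for i, c in enumerate(text)
    )


def read_record(record, role):
    """Return the view of `record` that `role` is allowed to see."""
    if role not in POLICY:
        raise PermissionError(f"no policy for access level {role!r}")
    rules = POLICY[role]
    view = {}
    for field, value in record.items():
        # Unclassified fields and unlisted classes fail closed to redaction.
        action = rules.get(FIELD_CLASS.get(field), "redact")
        if action == "clear":
            view[field] = value
        elif action == "mask":
            view[field] = mask(value)
        else:
            view[field] = REDACTED
    return view


def export(records, role):
    """A migration run through the read path inherits the same masking."""
    return [read_record(r, role) for r in records]


# Constructed sample record; "notes" is deliberately left unclassified.
STORED = {
    "customer_id": "C-1001",
    "city": "Fremont",
    "email": "ann@example.com",
    "ssn": "000-12-3456",
    "card": "4111 1111 1111 1111",
    "notes": "called twice",
}

if __name__ == "__main__":
    for role in POLICY:
        print(role, read_record(STORED, role))
```

Because `export` goes through `read_record`, a copy moved to another system carries only what the exporting access level could see, which is the gap the static approach leaves open.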
4. INADEQUATE SOLUTIONS FOR DETECTING SENSITIVE DATA

Threats are now more granular, targeting information at the data level. If you don’t know where your sensitive data is, you cannot protect it. Successfully securing data begins with knowing the location and risk potential of the sensitive information in big data repositories. This is the first step in planning and developing compliance strategies to ensure PII readiness. Continuously discovering and flagging sensitive data assets is critical to defining the requirements for compliance readiness. It also helps to inventory and guard against inadvertent exposures of duplicate data, particularly given the growing challenge of copy data. With a strong discovery solution in place, administrators should then filter data based on priority in the following order: redact/delete, mask, encrypt, and plaintext with strong access control. Without this approach, sensitive data may go completely unprotected.

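A minimal discovery pass followed by the protection ordering above, as an added example that is not from the whitepaper or any Dataguise product. The dataset locations, records and the mapping from a declared consumer need to a protection tier are assumptions constructed for illustration; the page gives only the order of the tiers.

```python
import re
from collections import defaultdict

# Protection tiers in the order the page lists them, strictest first.
TIERS = ["redact/delete", "mask", "encrypt", "plaintext + strong access control"]

# Assumption (not from the page): the declared consumer need picks the tier.
NEED_TO_TIER = {
    "none": TIERS[0],         # nobody needs the value
    "shape": TIERS[1],        # only the format or last digits are needed
    "recoverable": TIERS[2],  # authorised jobs must get the value back
    "raw": TIERS[3],          # the value must stay readable in place
}

PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "card": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}


def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_value(text):
    """Return the set of sensitive data types found in one string."""
    found = set()
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if kind == "card" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue
            found.add(kind)
    return found


def build_inventory(datasets):
    """Map (location, field) -> {type: number of records containing it}."""
    inventory = defaultdict(lambda: defaultdict(int))
    for location, records in datasets.items():
        for record in records:
            for field, value in record.items():
                for kind in scan_value(str(value)):
                    inventory[(location, field)][kind] += 1
    return {key: dict(counts) for key, counts in inventory.items()}


def plan_protection(inventory, needs):
    """Pick a tier per finding; an undeclared need gets the strictest tier."""
    return {key: NEED_TO_TIER[needs.get(key, "none")] for key in inventory}


# Constructed sample data: one source, a forgotten copy of it, and a NoSQL store.
DATASETS = {
    "hdfs:/raw/crm": [
        {"id": 1, "note": "SSN 000-12-3456 on file", "contact": "ann@example.com"},
        {"id": 2, "note": "order 1234567812345678", "contact": "bob@example.com"},
    ],
    "hdfs:/tmp/crm_copy": [
        {"id": 1, "note": "SSN 000-12-3456 on file", "contact": "ann@example.com"},
    ],
    "mongo:payments.txn": [
        {"id": 9, "pan": "4111 1111 1111 1111", "memo": "renewal"},
    ],
}
NEEDS = {
    ("hdfs:/raw/crm", "note"): "shape",
    ("hdfs:/raw/crm", "contact"): "raw",
    ("mongo:payments.txn", "pan"): "recoverable",
}

if __name__ == "__main__":
    inventory = build_inventory(DATASETS)
    plan = plan_protection(inventory, NEEDS)
    for key in sorted(plan, key=lambda k: TIERS.index(plan[k])):
        print(f"{plan[key]:<36} {key[0]}:{key[1]} {inventory[key]}")
```

The copy under `hdfs:/tmp/crm_copy` has no declared consumer, so its findings fall to redact/delete, which is how an inventory surfaces duplicate data that would otherwise sit unprotected.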
5. LACK OF ENTITLEMENT, MONITORING AND AUDITING

Entitlement and sensitive data access auditing provide fine-grained access visibility and help companies deal with compliance and insider security threats. Faced with a wide range of financial, privacy, and health information regulations such as the Health Insurance Portability and Accountability Act, European Privacy Directive, and the Sarbanes-Oxley Act, companies are often “in the dark” about who has accessed their sensitive data, how much, and how often. In fact, several breaches have occurred through the slow drip of incremental access. More effective activity monitoring, as well as the ability to show and map who can access what data over time, can mitigate these losses.

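The "slow drip" case is one that a per-request threshold never sees. The following added example (not from the whitepaper or any Dataguise product) runs a rolling-window check over audit records; the record layout, user names, dataset path and both thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

DATASET = "hdfs:/warehouse/patients"  # hypothetical sensitive dataset

# Constructed audit records: (ISO timestamp, user, dataset, rows returned).
AUDIT_LOG = (
    # jlee reads 600 rows a day for six days: every request looks ordinary.
    [(f"2015-03-{day:02d}T09:15:00", "jlee", DATASET, 600) for day in range(2, 8)]
    + [
        ("2015-03-20T09:15:00", "jlee", DATASET, 600),
        # etl_svc reads 900 rows once a week.
        ("2015-03-01T02:00:00", "etl_svc", DATASET, 900),
        ("2015-03-08T02:00:00", "etl_svc", DATASET, 900),
        ("2015-03-15T02:00:00", "etl_svc", DATASET, 900),
        # mkhan pulls 5000 rows in a single request.
        ("2015-03-04T22:40:00", "mkhan", DATASET, 5000),
    ]
)


def detect(events, per_request_limit=1000,
           window=timedelta(days=7), window_budget=3000):
    """Return alerts as (kind, user, dataset, timestamp, rows) tuples.

    bulk_read: one request above per_request_limit.
    slow_drip: every request in the window is under the limit, yet the
               rows read within the window add up to more than window_budget.
    """
    alerts = []
    flagged = set()                # (user, dataset) pairs currently over budget
    recent = defaultdict(deque)    # (user, dataset) -> (time, rows) inside window
    for ts_text, user, dataset, rows in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        key = (user, dataset)
        if rows > per_request_limit:
            alerts.append(("bulk_read", user, dataset, ts_text, rows))
        q = recent[key]
        q.append((ts, rows))
        while ts - q[0][0] > window:   # drop reads older than the window
            q.popleft()
        total = sum(r for _, r in q)
        quiet = all(r <= per_request_limit for _, r in q)
        if total > window_budget and quiet:
            if key not in flagged:     # alert once per excursion over budget
                alerts.append(("slow_drip", user, dataset, ts_text, total))
                flagged.add(key)
        else:
            flagged.discard(key)
    return alerts


if __name__ == "__main__":
    for alert in detect(AUDIT_LOG):
        print(alert)
```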
BEGIN WITH BASICS AND BUILD FROM THERE

Remember, basic security measures–including operating system updates, third-party applications, anti-virus software, and firewalls–are critical starting points of any corporate security strategy. These IT security actions may be rudimentary but provide a necessary speed bump to incoming threats, limiting the amount of data to what is necessary.

Big data is by definition “big” because of the large volume and vast range of information types it contains as well as the speed at which it can be created, collected and analyzed. These attributes present a double-edged sword. Big data can empower companies with competitive advantages–but it also creates new and constantly evolving challenges for securing the sensitive data it contains. IT professionals struggling to guard against data breaches are often limited by legacy strategies that leave gaps and permit access to those who shouldn’t have access.

In contrast, a data-centric security approach focuses on where threats can have an impact–at the data level. By understanding where security infrastructure is fundamentally weak and allocating resources accordingly, companies can detect, protect and audit their sensitive data while complying with corporate and government mandates. This means companies are able to leverage the power of big data while guarding against its dark side.
