2. The Perfect Storm 1991
It was the storm of the century, boasting waves
over one hundred feet high a tempest created
by so rare a combination of factors that
meteorologists deemed it "the perfect storm."
When it struck in October 1991, there was
virtually no warning.
*: http://books.wwnorton.com/books/detail.aspx?ID=5102
2
3. The Perfect Storm
Increased
profits
Customer
Regulations Support
& Breaches Increased
profits
Social
Media
Big
Data
Sales & Business
Marketing Improvement
Increased
profits Increased
Customer Security profits
Profiles Analysis
Increased Increased
profits profits
3
4. Perfect storm
Increased Breach or
Weaker
More Data Regulations Audit Fail
Security
($$$)
4
5. The Perfect Storm
Big Data is a Time Bomb based on how things are
coming together
Big Data deployment is growing fast, rushing into it
• ROI in focus
• Security is not part of Strategy
Shortage in Big Data skills
• People don’t know what they are doing
Big Data Security solutions are not effective
General shortage in Security skills
5
6. Mankind Created Data
Data
40000
(exabyte)
35000
30000
25000
20000
15000
10000
5000
0
2005 2010 2015 2020 Year
Source: IBM
6
14. How is Big Data Different?
Why It’s Different Architecturally:
• Shared’ data
• Inter-node communication
• No separate archive – all data is online
• No Security – breaches go undetected
Why It’s Different Operationally:
• Insider data access
• Authentication of applications and nodes
• Audit and logging
Source: Securosis SecuringBigData_FINAL.pdf
14
22. One Single Sample: The Chinese APT1 group
Compromised 141 companies in 20 industries
Stole hundreds of terabytes of data
Technology blueprints, Proprietary manufacturing processes,
Test results, Business plans, Pricing documents, Partnership
agreements, Emails
*: http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
22
23. Dominating “hacktivism”
Attacks by Anonymous include
• 2012: CIA and Interpol
• 2011: Sony, Stratfor and HBGary Federal
Source: http://www.verizonbusiness.com/Products/security/dbir/, http://en.wikipedia.org/wiki/Timeline_of_events_involving_Anonymous
23
25. DataLossBD - Incidents Over Time - Increasing
http://public.dhe.ibm.com/common/ssi/ecm/en/wgl03027usen/WGL03027USEN.PDF
25
26. Breakout of Security Incidents by Country
26 http://public.dhe.ibm.com/common/ssi/ecm/en/wgl03027usen/WGL03027USEN.PDF
27. Ranking Volume and Type of Security Incidents*
*: % of Escalated Alerts
http://public.dhe.ibm.com/common/ssi/ecm/en/wgl03027usen/WGL03027USEN.PDF
27
30. Cost of Data Breach per Record
Independently Conducted by Ponemon Institute LLC March 2012
http://www.symantec.com/content/en/us/about/media/pdfs/b-ponemon-2011-cost-of-data-breach-global.en-us.pdf
30
31. How are Breaches Discovered?
Notified by law enforcement
Third-party fraud detection (e.g., CPP)
Reported by customer/partner affected
Brag or blackmail by perpetrator
Unknown
Witnessed and/or reported by employee
Other(s)
Internal fraud detection mechanism
Financial audit and reconciliation process
Log analysis and/or review process
Unusual system behavior or performance
0 10 20 30 40 50 60 70 %
By percent of breaches . Source: 2012, http://www.verizonbusiness.com/Products/security/dbir/
31
34. HIPAA Omnibus - Penalties if PHI isn’t encrypted
http://www.diagnosticimaging.com/physicians-experts-make-case-secure-data-exchange-himss13
34
35. Regulations: Be Proactive in Protecting Data
Big Data must prepare for the changing landscape
• Trend: Encryption requirements are increasing
PCI DSS, US State Laws
Health Data Regulations
• Need for Data Segmentation (tokenization, encryption
or masking)
• Extra Sensitive Data (drug abuse, HIV codes, sex
abuse and more)
Ponemon Institute “Big Data Analytics in Cyber
Defense”
• 61 percent will solve pressing security issues
• Only 35 percent currently have security solutions
35
36. Balancing security and data insight
Tug of war between security and data insight
Big Data is designed for access, not security
Privacy regulations require de-identification which
creates problems with privileged users in an access
control security model
Only way to truly protect data is to provide data-
level protection
Traditional means of security don’t offer granular
protection that allows for seamless data use
36
38. The Solution - Preventing Misuse of Data
Attackers
User Hackers
Application
Unvetted
Applications
Data Misuse
Prevention
Ad Hoc
Data Processes
Protection
Policy Privileged
Users
Administrators
Selective Data
Protection
Issued
Patents
38
39. Support Business Applications
4 digits clear
90% 98 %
Application
transparent
6 digits clear
8%
6 digits
encoded
2%
2 % Application
changes
PAN
39
40. How can we handle the Risk with Big Data?
Risk
High
Traditional
Access
Control Creativity
Happens
At the edge
Low Data Tokens
Access
I I
Right Level
Less More
Small Data Big Data
40
41. Securing the Data Flow
ETL Tools BI Reporting RDBMS
Pig (Data Flow) Hive (SQL) Sqoop
MapReduce
(Job Scheduling/Execution System)
Hbase (Column DB)
HDFS
(Hadoop Distributed File System)
Legacy Systems Big Data Legacy Systems
41
42. Support Data Classification and Analytics
Application
Data in Clear Encrypted File
Secured Data Fields
(encoded)
42
43. The Process of Automating Security for Big Data
Discover sensitive data
Understand
Control
usage of Implement
Monitor Big Data Integrate Solution
sensitive
data
Secure
Lock down sensitive data
43
45. Big Data Security Problem - Summary
Traditional security solutions cannot bridge the gaps
between
1. Data breach protection and compliance
2. Provide powerful analysis and data insight
3. Utilize the power of a big data environment.
45
46. Proactive Data Protection for Big Data
Know your data flow
• Protect the data flow - including legacy systems
Protecting your data now could save big time and $ in retroactive
security later
• Breaches and audits are on the rise – Organizations that fail to act now risk
losing their hard earned investments.
Granular data protection is cost effective
• Addressing regulations and data breaches
• Data available for analytics and other usage
• Provide separation of duties for administrative functions
Catch abnormal access to data
• Including (compromised) insider accounts
46