Big data initiatives can lead to big security problems for Asia Pacific firms

Asia Pacific firms are gradually beginning to understand how important big data is for responding to rising customer expectations and becoming customer-obsessed to gain a competitive edge in the age of the customer. Data from our Forrsights Budgets And Priorities Survey, Q4 2013 shows that 40% of organizations across Asia Pacific expect to increase their spending on big data solutions in 2014.

In addition to traditional structured data (from ERP and other core transactional systems), organizations are increasingly seeking insight from unstructured data originating in both internal (IM, email) and external (social networks, sensors) sources to enhance the business value of data. But these initiatives pose a significant challenge to security and risk professionals:

  • Protecting sensitive data from fraudsters. Today's fraudsters are active both inside and outside of firms, working to steal business-critical data. Inadequately secured and poorly controlled big data environments can potentially make the job of these malicious actors easier by reducing the number of systems or entry points that they must compromise in order to steal the data they need. For example, the personal data of 20 million South Koreans (40% of the country's population) was stolen by a contract worker at the Korea Credit Bureau.

Not all breaches are intentional; some are unintentional, but both lead to loss of data. Poor security practices and the breaches that they enable go beyond data loss at an individual company; such incidents create distrust toward entire industries, social systems, and economies. Whether the data is "internal" or "external," Asia Pacific firms should take immediate steps to prepare for the big data revolution:

  • Identify and classify your data. Identify the data that is critical to your business and apply the appropriate security controls to protect it from misuse. Forrester uses the equation 3P + IP = TD to identify sensitive data. The three Ps stand for personal cardholder information (PCI), personal health information (PHI), and personally identifiable information (PII); IP is intellectual property; and TD is toxic data. Toxic data is any data that could damage an organization if the organization loses control of it.
  • Encrypt your data. The standard for protecting data at rest and data in transit is encryption, which guards against attempts to access data outside of established application interfaces. With traditional data management systems, we worry about insiders stealing archives or directly reading files from disks. Encrypted files are protected against any user without the appropriate encryption keys. Replication effectively replaces backups for big data, but that doesn't mean that a rogue administrator or cloud service manager won't create their own. Encryption protects data copied from the cluster.

Data is powerful -- but it's also dangerous. The wrong data falling into the wrong hands can have devastating consequences. Start your big data security planning now; building security into big data initiatives early on will reduce costs, risks, and deployment pain. My colleague John Kindervag's "Control And Protect Sensitive Information In The Era Of Big Data" report outlines the future look of Forrester's solution for security and risk executives seeking to develop a holistic strategy to protect and manage sensitive data.


Stories by Manatosh Das (Forrester)
