Big data initiatives can lead to big security problems for Asia Pacific firms
- 04 April, 2014 04:45
Asia Pacific firms are gradually beginning to understand how important big data is for responding to rising customer expectations and becoming customer-obsessed to gain a competitive edge in the age of the customer. Data from our Forrsights Budgets And Priorities Survey, Q4 2013 shows that 40% of organizations across Asia Pacific expect to increase their spending on big data solutions in 2014.
In addition to traditional structured data (from ERP and other core transactional systems), organizations are increasingly seeking insight from unstructured data originating in both internal (IM, email) and external (social networks, sensors) sources to enhance the business value of data. But these initiatives pose a significant challenge to security and risk professionals:
- Protecting sensitive data from fraudsters. Today's fraudsters are active both inside and outside of firms, working to steal business-critical data. Inadequately secured and poorly controlled big data environments can potentially make the job of these malicious actors easier by reducing the number of systems or entry points that they must compromise in order to steal the data they need. For example, the personal data of 20 million South Koreans (40% of the country's population) was stolen by a contract worker at the Korea Credit Bureau.
Not all breaches are intentional; some are unintentional, but both lead to loss of data. Poor security practices and the breaches that they enable go beyond data loss at an individual company; such incidents create distrust toward entire industries, social systems, and economies. Whether the data is "internal" or "external," Asia Pacific firms should take immediate steps to prepare for the big data revolution:
- Identify and classify your data. Identify the data that is critical to your business and apply the appropriate security controls to protect it from misuse. Forrester uses the equation 3P + IP = TD to identify sensitive data. The three Ps stand for personal cardholder information (PCI), personal health information (PHI), and personally identifiable information (PII); IP is intellectual property; and TD is toxic data. Toxic data is any data that could damage an organization if the organization loses control of it.
- Encrypt your data. The standard for protecting data at rest and data in transit is encryption, which guards against attempts to access data outside of established application interfaces. With traditional data management systems, we worry about insiders stealing archives or directly reading files from disks. Encrypted files are protected against any user without the appropriate encryption keys. Replication effectively replaces backups for big data, but that doesn't mean that a rogue administrator or cloud service manager won't create their own. Encryption protects data copied from the cluster.
Data is powerful -- but it's also dangerous. The wrong data falling into the wrong hands can have devastating consequences. Start your big data security planning now; building security into big data initiatives early on will reduce costs, risks, and deployment pain. My colleague John Kindervag's "Control And Protect Sensitive Information In The Era Of Big Data" report outlines the future look of Forrester's solution for security and risk executives seeking to develop a holistic strategy to protect and manage sensitive data.