Big data can mean big breaches

Published: March 27, 2012 by ofonseca

As companies accumulate vast amount of data to improve their business intelligence, the risks of data breaches accumulate accordingly.  While organizations are rapidly increasing their ability to store, process and analyze huge amount of information collected from social networks, sensors, IT systems and other sources, they’re often failing to consider that much of this data can be personal, sensitive and subject to regulation.  A recent Forrester report highlights the escalating security threats of this sort of “big data processing,” meaning the tools and techniques that handle extreme data volumes and formats.

The report underscores the importance of identifying the “toxic data” within these big data stores – in other words, the kind of data that will spell big trouble if it slips from an organization’s control.  This includes credit card numbers, personally identifiable information (PII) like Social Security Numbers, and personal health information (PHI) — and sensitive intellectual property, including business plans and product designs.  This is, of course, exactly the type of data that hackers and fraudsters are eager to steal.  Further, big data can include information that companies control but don’t own, such as customer and business partner data.  Big data can make a thief’s job easier by concentrating disparate toxic data in one place.

Forrester suggests a framework to help security and risk professionals control big data:

1) Define the data

Data discovery locates and indexes big data, while data classification catalogs data to make it easier to control. Classify data based on toxicity, which will determine where it is stored.  Implement strong policies regarding data handling, storage, and records management, which will preclude the storage of sensitive information on laptops and mobile devices.  Security professionals must continuously discover and classify data as users create it throughout the organization’s network.

2) Dissect and analyze the data

Experts can extract important data from big data sets that will help protect corporate assets; in other words, big data can be used to protect big data.  Analyzing this information is helpful in understanding how to protect big data.

3) Defend and Protect the data.

Limit access to all resources, strictly controlling the number of people that can access data and continuously monitoring those users’ access levels throughout their employment. ·Inspect data usage patterns so that you can detect potential abuses.  Dispose of data when it’s no longer needed, and “kill” data  – using data abstraction techniques such as encryption, tokenization, and masking – to devalue it for use on the underground market.

 [dropshadowbox align=”none” effect=”lifted-both” width=”600px” height=”” background_color=”#ffffff” border_width=”1″ border_color=”#dddddd” ]Breach Weary? Download this free white paper and learn how cyber insurance can help reduce your risk.[/dropshadowbox]