Skip to Content

Sponsored

Big Data, Big Security: Defense in Depth

In partnership withOracle

Especially in the age of big data, organizations need to keep in mind that security isn’t an end state or a one-off project. Instead, it’s a constant work in progress.

At the same time, it’s important to maintain the right mindset — that is, that while organizations obviously need to take a diligent, responsible approach to securing big data, their efforts shouldn’t be driven by fear. They simply need to adopt a data-centric approach to security.

Specifically, they need to employ three key types of security controls:

Preventive: Securing the data itself prevents mistakes or cybercriminals from gaining access to the data; and if they did, the data would be rendered useless. This includes security controls such as encryption, data masking, and privileged user controls.

Detective: Looking for anomalous behavior by, for instance, auditing database activity, monitoring systems throughout the big data environment, and providing compliance reports or alerts about potential problems.

Administrative: Implementing tools that enable the processes and procedures for security, such as sensitive data discovery, privileged user analysis, configuration management, and encryption key management capabilities.

“A comprehensive data security approach ensures that the right people, internal or external, always receive access to the appropriate data and information at the right time and place, in the right channel,” says Neil Mendelson, vice president for big data and advanced analytics at Oracle.

“Defense-in-depth security protects organizational information assets by securing and encrypting data while it’s in motion and at rest. It also enables organizations to separate roles and responsibilities and protect sensitive data without compromising privileged user access,” Mendelson adds. “Furthermore, it extends monitoring, auditing, and compliance reporting across traditional data management to big data systems.”

Organizations are now in need of big data environments that include enterprise-grade authentication and authorization (Kerberos or LDAP and Apache Sentry project), and auditing that can be automatically set up on installation, greatly simplifying the process of hardening Hadoop.

“Businesses are finding that big data works best in an environment that combines Hadoop, NoSQL, and relational databases,” Mendelson says. “To realize a robust and successful big data strategy, it’s important to determine how to integrate these technologies under a big data technology platform.”

Such a platform is where the company governs all of its data and makes it securely available to the rest of the organization for use and analysis. The platform also includes the critical systems currently used to run the business.

Securing the big data life cycle requires the following security controls:

• Authentication and authorization of users, applications, and databases

• Privileged user access and administration

• Encryption of data at rest and in motion

• Data redaction and masking for non-production environments

• Separation of responsibilities and roles

• Implementing least privilege

• Transport security

• API security

• Monitoring, auditing, alerting, and reporting

Keep Reading

Most Popular

Rendering of Waterfront Toronto project
Rendering of Waterfront Toronto project

Toronto wants to kill the smart city forever

The city wants to get right what Sidewalk Labs got so wrong.

Muhammad bin Salman funds anti-aging research
Muhammad bin Salman funds anti-aging research

Saudi Arabia plans to spend $1 billion a year discovering treatments to slow aging

The oil kingdom fears that its population is aging at an accelerated rate and hopes to test drugs to reverse the problem. First up might be the diabetes drug metformin.

Yann LeCun
Yann LeCun

Yann LeCun has a bold new vision for the future of AI

One of the godfathers of deep learning pulls together old ideas to sketch out a fresh path for AI, but raises as many questions as he answers.

images created by Google Imagen
images created by Google Imagen

The dark secret behind those cute AI-generated animal images

Google Brain has revealed its own image-making AI, called Imagen. But don't expect to see anything that isn't wholesome.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.