Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

View from the Marketplace

Views from the Marketplace are paid for by advertisers and select partners of MIT Technology Review.

Big Data, Big Security: Defense in Depth

Especially in the age of big data, organizations need to keep in mind that security isn’t an end state or a one-off project. Instead, it’s a constant work in progress.

At the same time, it’s important to maintain the right mindset — that is, that while organizations obviously need to take a diligent, responsible approach to securing big data, their efforts shouldn’t be driven by fear. They simply need to adopt a data-centric approach to security.

Specifically, they need to employ three key types of security controls:

Preventive: Securing the data itself prevents mistakes or cybercriminals from gaining access to the data; and if they did, the data would be rendered useless. This includes security controls such as encryption, data masking, and privileged user controls.

Detective: Looking for anomalous behavior by, for instance, auditing database activity, monitoring systems throughout the big data environment, and providing compliance reports or alerts about potential problems.

Administrative: Implementing tools that enable the processes and procedures for security, such as sensitive data discovery, privileged user analysis, configuration management, and encryption key management capabilities.

“A comprehensive data security approach ensures that the right people, internal or external, always receive access to the appropriate data and information at the right time and place, in the right channel,” says Neil Mendelson, vice president for big data and advanced analytics at Oracle.

“Defense-in-depth security protects organizational information assets by securing and encrypting data while it’s in motion and at rest. It also enables organizations to separate roles and responsibilities and protect sensitive data without compromising privileged user access,” Mendelson adds. “Furthermore, it extends monitoring, auditing, and compliance reporting across traditional data management to big data systems.”

Organizations are now in need of big data environments that include enterprise-grade authentication and authorization (Kerberos or LDAP and Apache Sentry project), and auditing that can be automatically set up on installation, greatly simplifying the process of hardening Hadoop.

“Businesses are finding that big data works best in an environment that combines Hadoop, NoSQL, and relational databases,” Mendelson says. “To realize a robust and successful big data strategy, it’s important to determine how to integrate these technologies under a big data technology platform.”

Such a platform is where the company governs all of its data and makes it securely available to the rest of the organization for use and analysis. The platform also includes the critical systems currently used to run the business.

Securing the big data life cycle requires the following security controls:

• Authentication and authorization of users, applications, and databases

• Privileged user access and administration

• Encryption of data at rest and in motion

• Data redaction and masking for non-production environments

• Separation of responsibilities and roles

• Implementing least privilege

• Transport security

• API security

• Monitoring, auditing, alerting, and reporting

Get stories like this before anyone else with First Look.

Subscribe today
Already a Premium subscriber? Log in.

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

    Bimonthly digital/PDF edition

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special interest publications

    Discount to MIT Technology Review events

    Special discounts to select partner offerings

    Ad-free web experience

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.