Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

View from the Marketplace

Views from the Marketplace are paid for by advertisers and select partners of MIT Technology Review.

Big Data, Big Security: Defense in Depth

Especially in the age of big data, organizations need to keep in mind that security isn’t an end state or a one-off project. Instead, it’s a constant work in progress.

At the same time, it’s important to maintain the right mindset — that is, that while organizations obviously need to take a diligent, responsible approach to securing big data, their efforts shouldn’t be driven by fear. They simply need to adopt a data-centric approach to security.

Specifically, they need to employ three key types of security controls:

Preventive: Securing the data itself prevents mistakes or cybercriminals from gaining access to the data; and if they did, the data would be rendered useless. This includes security controls such as encryption, data masking, and privileged user controls.

Detective: Looking for anomalous behavior by, for instance, auditing database activity, monitoring systems throughout the big data environment, and providing compliance reports or alerts about potential problems.

Administrative: Implementing tools that enable the processes and procedures for security, such as sensitive data discovery, privileged user analysis, configuration management, and encryption key management capabilities.

“A comprehensive data security approach ensures that the right people, internal or external, always receive access to the appropriate data and information at the right time and place, in the right channel,” says Neil Mendelson, vice president for big data and advanced analytics at Oracle.

“Defense-in-depth security protects organizational information assets by securing and encrypting data while it’s in motion and at rest. It also enables organizations to separate roles and responsibilities and protect sensitive data without compromising privileged user access,” Mendelson adds. “Furthermore, it extends monitoring, auditing, and compliance reporting across traditional data management to big data systems.”

Organizations are now in need of big data environments that include enterprise-grade authentication and authorization (Kerberos or LDAP and Apache Sentry project), and auditing that can be automatically set up on installation, greatly simplifying the process of hardening Hadoop.

“Businesses are finding that big data works best in an environment that combines Hadoop, NoSQL, and relational databases,” Mendelson says. “To realize a robust and successful big data strategy, it’s important to determine how to integrate these technologies under a big data technology platform.”

Such a platform is where the company governs all of its data and makes it securely available to the rest of the organization for use and analysis. The platform also includes the critical systems currently used to run the business.

Securing the big data life cycle requires the following security controls:

• Authentication and authorization of users, applications, and databases

• Privileged user access and administration

• Encryption of data at rest and in motion

• Data redaction and masking for non-production environments

• Separation of responsibilities and roles

• Implementing least privilege

• Transport security

• API security

• Monitoring, auditing, alerting, and reporting

Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.

Subscribe today
More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe to Insider Basic.
  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

/3
You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.