Although many firms have jumped on the big-data bandwagon, not many have taken steps to secure these systems, according to a feature story on CIO.com (which was originally published by CSO). But that could be changing, even though experts admit that the process is “painfully slow.”
There’s no question that big data adoption is becoming urgent for many firms, but not many companies incorporating big data into their systems are well-versed in building security around them. And, particularly for smaller firms, big data’s easy and available access has become an issue.
Says Adrian Lane, an analyst and CTO at information security research firm Securosis: “We’re not talking about millions of dollars of infrastructure; we’re not talking about large services teams parachuting people in and spending a couple of million dollars. We’re talking agile, cost-effective, scalable modular databases that can be set up quickly by anyone.”
Some companies don’t believe there is any sensitive data contained in the databases employees are accessing, even though Lane and David Mortman, another security analyst at Securosis, say that’s a fallacy.
According to both Lane and Mortman, some applications that are “used to build big-data systems are starting to take security in mind.” This is in sharp contrast to over a year ago when very few big data systems had built-in security features.
Unfortunately, for both vendors and businesses, the process of integrating and incorporating these security changes has been laborious.
In an effort to increase big-data security, some companies are using a “closed software system that was very common in securing mainframe data,” according to the CSO story. Others are “wrapping security into the application and user identity layers.”
And, that old standby, encryption, is getting heavy play.
But companies are still a long way off when it comes to “securing big data and next generation database implementations,” according to the piece. A big problem is database monitoring.
“There are specific ways of looking at usage profiles or behavioral profiles, or metadata information to vet good vs. bad queries. We don’t have this ability with big data yet,” Mortman told CSO.