The big picture of protecting and securing Big Data
Today almost every company is dealing with big data in one way or another – including customer data, tracking data, and behavioral marketing information – connecting every aspect of our lives. Although it can be considered trendy and useful, some of the latest “innovations” cross the line from creative to creepy. Take for example a Bluetooth-connected doll that learns how to answer the child’s questions by recording each and every movement or comment in the room. While this is a cutting-edge use of technology, that kind of data monitoring can become dangerous when placed in the wrong hands.
Of course every company strives for excellence – the expression “knowledge is power” is certainly a key element in the justification for using big data. The more you know, the better you can prepare for the future. On the other hand, the more information you have, the more you need to protect – and the more you can potentially lose, along with money and trust. In a society where the news is filled with new data breaches and information leakages, there are two core aspects a company must consider in order to handle big data correctly from the start: reputation and trust.
Successfully forging reputation and trust with your customers comes with great responsibility. It all starts by asking yourself, “How is good data management defined?” You must give thought to what data is collected, how it is collected, where it is stored, who is supposed to have access, and how its lifecycle is supposed to be managed in the short, middle, and long term.
Nobody wants to see their organization’s name in the news because they suffered a data breach. The damage is far worse than just lost records, emails, or documents. The goal is to keep documents safe, but the most crucial assets a company has are its customers’ trust and its own reputation. Unfortunately, there is no such thing as “perfect” security. There is no panacea for ensuring you never experience a data breach. Instead, it’s vitally important that we can demonstrate that all reasonable precautions and controls were implemented in case a breach does occur. That is what regulators investigate if a breach occurs. The level of tangible and accountable effort your company takes to prevent bad things from happening, and to recover quickly when they do, will directly impact the actions taken against your organization.
Here is where big data comes back into the picture. All gathered information – including passenger data for airlines, GPS data for connected cars, communication data for telecom companies, customer data for any private company, or citizen data for any public institution – must be stored somewhere. “Somewhere” means different things for different companies, including the cloud, SharePoint, file shares, websites, structured databases, and more.
Having any data lying around without concern for the way it’s governed is like putting an unlabeled jar on a top shelf in the kitchen cupboard because the space is empty, and then piling up three chairs to reach it because that is easier than going to the basement to fetch a proper ladder and reach it securely. This is the reason why a solid information governance strategy is crucial from the very beginning. We’ve already seen the benefits big data delivers not only to corporations, but also to the wellness of the human race. Don’t ruin those potential benefits by neglecting to classify all of this data and optimize where it’s stored as part of a defined data lifecycle in accordance with regulations such as the European Data Protection Directive.
It’s not just a problem for IT anymore. It’s not just a problem for Chief Security Officers anymore. It’s everyone’s problem now, and all facets of your organization must be heavily involved with safely and securely handling big data.
At RSA Conference 2015 in San Francisco, RSA President Amit Yoran called the time we live in today the “dark ages of information security”, urging that a new approach is desperately needed to prevent information security managers from becoming overwhelmed with legal or internal requirements. Instead, they must come armed with a sensible information governance strategy that assesses what data is already there, validates what needs to be done, and stores data only in the environments where it is supposed to be located. It goes back to reputation and trust: If a customer trusts a company to assure the safety of their data, the responsibility lies with the company to maintain that bond.
Unfortunately, some organizations have already learned these lessons the hard way. It’s not time to bury our heads in the sand and hope not to become the next victim. Let’s be proactive and learn from these past mistakes so that we’re not the next ones to wind up the victim of a poorly handled data breach. It’s time to see that the big picture of big data is not only about the potential it has for spurring innovation; it also comes with the great responsibility of keeping our most precious information from falling into the wrong hands.