Cybersecurity Grabs the Big Data Spotlight Jan 11, 2017
For all the good that big data can bring your company, it also introduces certain risks. Thanks to a growing awareness about the importance of cybersecurity as a result of recent high-profile breaches, businesses will have a harder time ignoring these risks in 2017, technology executives say.
While security professionals have been sounding the alarm over too-lax security policies for years, those calls have largely fallen on deaf ears at the c-level—in the C-suite as well as among consumers. However, the wider population was treated to a wakeup call about the troubling state of cybersecurity during the 2016 political campaign season.
For starters, American intelligence agencies say a group of Russian hackers known as “Fancy Bear” compromised servers owned by the Democratic Party and released information in an attempt to influence the election. And last month, Chinese hackers, perhaps those affiliated with the community government’s infamous PLA Unit 61398, are accused of targeting a US aircraft carrier in an attempt to steal data. American companies and government agencies have been fighting cyberwars for years, and now the secret is out.
The premise of this war is simple. If you find data valuable, then it’s likely somebody else will find it valuable too. Raw data is essentially a commodity today that organizations of all stripes can buy, sell, and trade on legitimate and black markets. But the digital nature of this commodity is what makes it so potentially dangerous. While physical commodities like wheat and coal are shipped via supertankers, trucks, and airplanes, data moves easily over the Internet.
Signs point to a growing awareness of the vulnerability of computer systems, storage, and networks, among general consumers as well as technology leaders charged with ensuring the safety of applications and data. Whether your organization stores data on relational or NoSQL databases, distributed or object-based file systems, the security of that data will likely be scrutinized this year like never before.
Hadoop—which was originally developed without built-in security controls– will definitely be getting some attention this year, according to Balaji Thiagarajan, group vice president of big data at Oracle.
“Hadoop security is no longer optional,” Thiagarajan says. “Hadoop deployments and use cases are no longer predominantly experimental. Increasingly, they’re business-critical to organizations like yours. As such, Hadoop security is non-optional. You can expect to deploy multilevel security solutions for your big data projects in the future.”
While the Hadoop community is making fast progress in retrofitting the big data platform with security capabilities via open source projects like Apache Sentry, Apache Ranger, Project Rhino—as well as through proprietary projects like Cloudera Manager and vendors like Zaloni, Dataguise, Zettaset, and others—additional care must be taken by the Hadoop user to ensure the data is used in a secure manner.
“Security concerns will force enterprises to take a second look at their data lake initiatives,” says Steve Wilkes, co-founder and CTO at real-time analytics provider Striim. “Current practices that dump raw log files with unknown and potentially sensitive information into Hadoop will be replaced by systematic data classification, encryption, and obfuscation of all long-term data storage.”