As companies continue to redefine IT processes to cope with the semi-structured and unstructured data that characterize big data, they are also recognizing that standard data security practices that grew up with fixed-record, transactional data no longer address every big data security concern.
For starters, there are few controls on the mountains of big data that flow into companies on a daily basis. Big data can come from anywhere and in every form.
While companies can put controls in place to regulate the in-flow of this seemingly limitless data pipeline, there are very acute security concerns that emerge once the data is in enterprise data repositories where it can be accessed or shared. Who should be authorized to see the data in its entirety, and who within the organization needs to know some of the data, but not all of it?
“We are seeing major transitions in the big data market now,” said Venkat Subramanian, CTO at Dataguise, a data protection and compliance vendor. “Companies are moving from traditional data services to the big data market, and they are beginning to move more of their standard and big data applications from on-premises data centers to the cloud. Whether big data is stored on premises or in a cloud environment, appropriate governance measures for this data are needed.”
As part of big data governance, there are several security measures that companies can take.
1: Conduct regular reviews of user access to data
On a semi-annual or annual basis, IT should sit down with corporate stakeholders who access data from data lakes and repositories, and review data access permissions for all authorized personnel. Access permissions can be adjusted upward or downward based upon employee/contractor work responsibilities. When employees/contractors are no longer employed with the company, they should be immediately removed from access.
2: Data masking
In some cases, masking can be used to redact sensitive data elements (e.g., social security numbers, names) so this data isn’t shared with others outside of the company. Masking should especially be considered if the company wants to sell big data to third parties.
3: Encrypt data
If big data is stored in a single data repository that all employees with appropriate clearances are able to access, encryption can be used on the data. “The idea behind data encryption is that you give everyone maximum flexibility to get at the data that they need, and they can do so safely,” said Subramanian. “The encryption is a secure ‘wrap’ around the data.”