

Big Data: new challenges for information systems security

03 February 2014 by Sébastien Gelgon, cybersecurity manager, Bull

A Big Data solution is a true information system in itself, incorporating applications, processing components, networks, data storage… but with the unique feature that it calls on massive use of data from a wide diversity of sources, as well as distributed processing and storage resources.

Not surprisingly, the security measures required for this kind of environment are very similar to those needed to secure any information system. Typically, they fall into three categories:

•    Security governance, to define the protective measures and controls that are best suited to the business issues around Big Data

•    Information systems protection, which involves implementing appropriate mechanisms at the right level, without overdoing it, but also without being too naïve

•    And finally, information systems supervision, because protective measures alone are no longer enough to tackle increasingly advanced threats.

Nevertheless, there are certain specific issues relating to Big Data in each of these three areas:

Governance: using data for new purposes involves adapting security policies

Business data represents the core information asset for almost all organizations. Their security policies are built around data security needs expressed in terms of various criteria, including availability and accessibility, integrity and consistency, confidentiality, as well as traceability and proof… all for purposes defined by the business.

The introduction of analytical tools based on huge quantities of data leads:

•    On the one hand, to the use of existing data but for purposes for which it was not necessarily originally intended. Using data in this way can lead to existing security policies being breached, especially in relation to regulatory constraints (protecting the privacy of health or banking data, for example)

•    On the other hand, to the importing of new kinds of data into the organization – for example via social networks – for purposes that have not yet been clearly defined. This new kind of data may require security policies to be revised, to take into account their particularly sensitive nature.

Finally, the results of this analysis represent, in themselves, new high added value business data which it is imperative to protect.

> The introduction of a data analysis solution requires both a revision of existing policies – to integrate new uses of business data – and an extension of those policies to incorporate issues that are specific to the new data.

Protection: keeping data confidential by restricting access to it rather than using encryption

When it comes to data protection, in addition to more traditional methods that involve putting up a protective barrier around the data and ensuring fundamental protection, specific measures may be needed depending on how sensitive the data is. To maintain confidentiality, we recommend two courses of action:

•    The first (and simplest) measure involves ensuring close control over access to the data, using an Identity and Access Management solution at the very least (for example, ensuring that raw data cannot be directly accessed by human users, controlling access to query systems, user authentication…)

•    If necessary (from a regulatory point of view), encrypting the most sensitive data. But in order to be efficient, an encryption solution must provide fine-grained control of access to the data and management of encryption keys, while maintaining a high level of performance.

> Confidentiality: first and foremost via access control and, where necessary, encryption.

Protection: activity trails, essential for security, have a new business value.

Two technological developments make it possible to extract value from activity trails.
Firstly, now that huge amounts of storage are available, activity trails for systems and users can be produced on a massive scale, to identify which processes or users are importing data, when, and where the data came from, as well as which process or user is consulting that data, when, and why.

What’s more, the development of analytical tools not only means that these trails have new business value, but also makes them usable by the most intelligent security supervision systems.

Supervision: extending security supervision to all components, to make them smarter

In recent years, we’ve seen the emergence of ‘advanced persistent threats’ (APTs): targeted attacks on information systems, with the main aim of extracting data which the attacker can use to create value.
In this context, it is obviously still essential to ensure that security measures are in place around the data. But, because of the new threats that may be able to circumvent these measures, simply monitoring these measures is just a matter of IT ‘hygiene’.

Nowadays, to tackle these threats effectively and more proactively, organizations need to use a second-generation Security Operation Center (SOC v2). This effectively allows all trails produced by the system to be monitored, correlated and analyzed, so as to identify even the weakest of signals (for example, the opening and closing of a server port, data flows to servers in unusual locations, etc.) which might indicate that an advanced attack is in progress.
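
The correlation of weak signals described above, as an added sketch that is not from the original article or from any Bull product: it takes the two example signals named in the text (a server port opened and then closed, a data flow to an unusual location) and raises an alert only when both occur on the same host within a short window. The event fields, host names, baseline table, 10-minute window and the placeholder country code "ZZ" are all assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed activity-trail events (sample data, not from a real system).
EVENTS = [
    {"ts": "2014-02-03T02:10:00", "host": "db01", "type": "port_open", "port": 4444},
    {"ts": "2014-02-03T02:10:40", "host": "db01", "type": "flow_out", "dst_country": "ZZ"},
    {"ts": "2014-02-03T02:12:00", "host": "db01", "type": "port_close", "port": 4444},
    {"ts": "2014-02-03T09:00:00", "host": "web01", "type": "flow_out", "dst_country": "FR"},
    {"ts": "2014-02-03T09:05:00", "host": "web01", "type": "port_open", "port": 8443},
    {"ts": "2014-02-03T11:00:00", "host": "app02", "type": "flow_out", "dst_country": "ZZ"},
]
# Assumed baseline: countries each host normally sends data to ("ZZ" is a placeholder).
BASELINE = {"db01": {"FR"}, "web01": {"FR", "DE"}, "app02": {"FR"}}
WINDOW = timedelta(minutes=10)

def weak_signals(events, baseline, window=WINDOW):
    """Turn raw trail events into per-host weak signals (time, host, kind, detail)."""
    signals, opened = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        host = ev["host"]
        if ev["type"] == "port_open":
            opened[(host, ev["port"])] = ts
        elif ev["type"] == "port_close":
            start = opened.pop((host, ev["port"]), None)
            # A port that opens and closes again quickly is weak signal 1.
            if start is not None and ts - start <= window:
                signals.append((start, host, "short_lived_port", ev["port"]))
        elif ev["type"] == "flow_out" and ev["dst_country"] not in baseline.get(host, set()):
            # A flow to a destination outside the host's baseline is weak signal 2.
            signals.append((ts, host, "unusual_destination", ev["dst_country"]))
    return signals

def correlate(signals, window=WINDOW):
    """Alert on hosts where two different kinds of weak signal fall within the window."""
    by_host = defaultdict(list)
    for sig in signals:
        by_host[sig[1]].append(sig)
    alerts = {}
    for host, sigs in by_host.items():
        sigs.sort(key=lambda s: s[0])
        for i, a in enumerate(sigs):
            for b in sigs[i + 1:]:
                if b[2] != a[2] and b[0] - a[0] <= window:
                    alerts[host] = sorted({a[2], b[2]})
    return alerts

if __name__ == "__main__":
    print(correlate(weak_signals(EVENTS, BASELINE)))
```

On the sample data only db01 is reported: app02 shows a single unusual flow and web01 a port that simply stays open, neither of which is enough on its own.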

> In this area, the analytical technologies enabled by Big Data provide resources that complete the range of security measures, by making supervision smarter and therefore more effective against specific threats.
