3 Fundamental Steps for Strong Big Data Security
If there's one thing we know for sure about technology, it's that innovation moves fast, but frequent innovation can be problematic for security -- especially for big data platforms.
- By Sean Curran
- February 6, 2018
As large organizations pull more data from disparate sources, they are realizing too late that their security solutions don't provide adequate protection. The need for advanced big data technology, however, is urgent due to its potential: organizations can save millions of dollars and ease huge operational burdens thanks to its capabilities, but these benefits shouldn't come at the expense of security.
How to Smartly Secure Your Big Data Projects
Big data platforms have unique security requirements because of the huge volumes of disparate information involved. They operate in a distributed architecture format -- not a traditional mainframe architecture system in which only one server needs to be secured.
The stakes for securing data are high and new innovations are coming at the speed of light. What's a forward-thinking, big-data-minded organization to do?
Step 1: Get security in the room from the start
It's the security team's responsibility to provide their expertise at each step in the development process. The security team must be approachable, open with their knowledge, and committed to finding a custom solution for securing big data technologies. However, it's incumbent on the data analytics team to invite the security team into the project early and keep them informed at every step.
Organizations run into trouble when the data analytics team views the security team as "killjoys" or when they intentionally cut security out of the early stages of the process based on a belief that security implications will limit innovation. Security teams brought into the process late are often frustrated by the fact that development is too far along to incorporate any meaningful security strategies. In many cases, security teams let developers off the hook because there's no realistic way to adequately secure the tool at such a late stage.
The data analytics team must recognize its obligation to incorporate robust security measures into its big data innovations, even if it means reeling in their technology plans.
Step 2: Start with objectives, not solutions
Too often, security teams prescribe simplistic solutions as requirements for any system an organization uses, despite the fact those solutions won't successfully protect complex big data systems. Adequate big data security differs from normal operations and cannot be subjected to the same standard. In fact, a big data environment can't be secured with just one solution. Organizations must understand that only a customized blend of tactics has a chance at completely managing the risk.
Security teams should adjust their thinking when it comes to big data security efforts. They can begin by asking what specific security objectives your team is trying to achieve. From there, they can work backwards to find the custom and alternative solutions to secure your environment.
Step 3: Customize your solution
There is no one-stop shop for big data security. Big data technologies are a bunch of open source frameworks stitched together to fill a specific need. That makes creating a security solution complicated.
As big data platforms are treated more like custom applications and less like databases, you have a greater chance of using the appropriate security approach. The data analytics team and security team need to understand the low-level architecture to ensure they're taking all possible threats into account.
Currently, big data platforms are too complex to be secured with a one-size-fits-all solution. To address the complex security requirements of big data platforms, organizations need to customize a stack of tactics that address the security objectives identified at the beginning of the process.
We have a long way to go to achieve an industrywide security standard for big data projects. The gap is complicated by a shortage of strong security professionals on the market, especially those willing to take an in-depth role in ideating and building a strong strategy rather than just doling out predetermined solutions.
Security is always an uphill battle, but the organizations that are the most successful wielding big data are those that form a true partnership between the data and security teams and commit to developing a customized and objective-driven solution.
Sean Curran is a senior director in West Monroe Partners’ Security and Infrastructure practice based in Chicago. He has more than 20 years of business consulting large-scale infrastructure experience across a range of industries and IT domains, including extensive work in the areas of data and information security.