TDWI Articles

5 Steps to Securing Your Big Data Infrastructure

What enterprises need to know as they design big data environments.

For IT executives responsible for modernizing big data infrastructure and embracing cloud storage, the weekly rhythm of security breach news has become a recurring nightmare. For example, earlier this year the genealogy website MyHeritage acknowledged that a security breach had led to the leak of email addresses and hashed passwords of more than 92 million users.

For Further Reading:

3 Fundamental Steps for Strong Big Data Security

Big Data, Infrastructure, and Performance

Data Governance in a Big Data World

In addition to self-inflicted breaches, big data leaders are increasingly concerned about regulatory compliance. Now that the European Union's General Data Protection Regulation (GDPR) is in effect, enterprises can face fines as much as 4 percent of their annual sales if they violate the data security regulations.

The task of modernizing big data storage and deploying new cloud-based solutions has never seemed more daunting -- or more perilous. The fallout from a security breach or data leak can embroil a company legally and financially and burn its reputation with customers. However, there may be such a thing as "too much" security. The proliferation of big data security procedures has presented a new set of challenges. For some companies, new security policies are so robust that they restrict users from accessing the very data they need for their daily work.

Many IT managers have tried to improvise solutions to this access problem, but moving data off secured storage infrastructure into temporary locations exposes data to unauthorized users (and hackers).

Security from the Start

Appropriate and effective security procedures and architecture must be baked into a big data setup, rather than reverse engineered retroactively. You need a robust foundation for big data security. Here are five security issues that IT execs should review for big data in the cloud, on premises, or both.

Authentication. Are users with access to data files actually who they say they are? We are all familiar with the rudimentary password and the more advanced two-step authentication. Big data authentication systems can build a user profile as a checklist when granting or denying access.

Authorization. After authentication, big data systems need to be able to determine what type of data the user should have access to, as well as what recognized users can (and can't) do with that information. Are users gaining access to information for which they don't have permission? Are they using the data in the wrong way?

Data protection. How will your enterprise encrypt data and prevent information from being exposed to outside users lacking proper authorization? Regardless of more stringent regulations, information about customers or employees must always be obfuscated and kept from public view. Encryption glitches like the one that hit Twitter can hurt a company's reputation -- even if no data was stolen or misused.

Auditing. Is your company keeping records of who accessed what data and when? This information could be critical in assessing whether an outside breach has occurred or when examining a security policy that might deviate from rules and regulations.

Row-level security. This restricts what users can access within data sets. Should your data consumers have the run of the full database? Probably not. Limiting user access to certain rows within a data set is important for meeting compliance standards and satisfying security regulations.

A Final Word

Different companies will require unique solutions rather than a one-size-fits-all approach. However, if enterprises do their big data homework, they can do a better job mitigating security and regulatory risks -- and executives will be able to rest a little easier.

About the Author

Matt Baird is the CTO and co-founder of AtScale. You can reach the author here.


TDWI Membership

Accelerate Your Projects,
and Your Career

TDWI Members have access to exclusive research reports, publications, communities and training.

Individual, Student, and Team memberships available.