Research firm Gartner has called upon organisations to “avoid security chaos” by including all data in security policies.
The company claims that currently, big data tends to be dealt with in isolation and this could cause problems.
According to its Big Data Needs a Data-Centric Security Focus report, during 2016, over 80% of businesses will not develop a consolidated data security policy, which may lead to potential noncompliance, security breaches and financial liabilities.
“Businesses have traditionally managed data within structured and unstructured silos, driven by inherent requirements to deploy relational database management systems, file storage systems and unstructured file shares,” said principal research analyst at Gartner, Brian Lowans.
“However, the advent of big data and cloud storage environments is transforming the way in which data is stored, accessed and processed and CISOs (chief information security officers) need to develop a data-centric security approach,” Lowans claimed.
“Unfortunately, this is not common practice today and its planning is critical to avoid uncoordinated data security policies and management,” he added.
Gartner has recommended that CISOs collaborate with trusted team members to develop and manage an enterprise data security policy.
It says this policy should define data residency requirements, stakeholder responsibilities, business needs, risk appetite, data process needs and security controls.
However, the report adds that the process is complicated by access to public cloud services and infrastructure, as it opens the potential for access by cloud service providers and security vendors.
The study claims that data flows will result in a growing need to monitor and audit access to protect data across silos.
“Business stakeholders may not be accustomed to having strong relations with security teams and CISOs need to build partnerships with them to develop new management structures for data security accountability and to identify cross-functional training needs,” claimed Lowans.
I agree that these “data flows will result in a growing need to monitor and audit access to protect data across silos.” But the bad news is that monitoring is not catching the bad guys according to the latest report from Verizon.
The 2014 Verizon Data Breach Investigations Report concluded that enterprises are losing ground in the fight against persistent cyber-attacks. Monitoring cannot catch the bad guys until it is too late and this picture is unfortunately not improving according to Verizon.
The Verizon 2013 and 2014 reports concluded that less than 14% of breaches are detected by internal security tools. Detection by external third-party entities unfortunately increased from approximately 10% to 25% during the last three years. Specifically, notification by law enforcement increased from around 25% to 33% during the last three years.
The recent attack on Target utilized memory scraping malware to attack sensitive data in computer memory. Attackers will always look for the next available path to the data, using regulations as a blueprint of current security practices. For example, most current data security regulations only require data at rest to be protected. Organizations have responded by protecting their data at rest, but leaving their data flow and applications relatively unprotected. This might explain the dramatic rise of memory scraping malware on the list of “Top 20 varieties of threat actions over time”, from #17 in 2012, all the way up to #4 in 2013 according to the latest Verizon report.
Our current approaches with monitoring and intrusion detection products can't tell you what normal looks like in your own systems, and SIEM technology is simply too slow to be useful for security analytics. Advancements in Big Data security analytics may help over time, but we don't have time to wait. We need to protect our sensitive data itself.
Studies have shown that users of data tokenization experience up to 50% fewer security-related incidents (e.g. unauthorized access, data loss, or data exposure) than non-users.
Ulf Mattsson, CTO Protegrity