Big data, or specifically the insights from big data analytics, are proving invaluable to a variety of industries, from health care to defense to e-commerce. However, more data means more information that needs to be monitored and protected and more potential security risks to the enterprise. With these new risks comes a new market opportunity for VARs interested in mastering information security disciplines.
According to McKinsey & Company, by 2018 there will be a shortage of as many as 190,000 professionals who have the analytical skills to manage big data projects; they also predict there will be a shortfall of 1.5 million managers who will know how to use big data analyses for decision-making. And according to a recent roundtable discussion sponsored by TechRepublic, the growth in big data and cloud computing is making security one of the hottest job growth areas in the market. Integrators who can bridge the gap with big data expertise, especially with information security disciplines, are sure to profit.
Big Data Means Bigger Enterprise Risks
Big data poses more risk for the enterprise mostly because it requires networks to drop their perimeter defenses. By definition, big data means open networking, giving partners, suppliers, customers, and others access to corporate data in order to promote collaboration. Open access creates more possibilities for a data breach. You not only have to worry about who has access, but how they have access, including through channels that are hard to secure such as cloud services and mobile devices. The new information security disciplines need to support an open but secure infrastructure.
And cybercriminals are becoming more sophisticated. Cyber attackers are taking advantage of those openings in the network perimeter and evading static threat detection and signature-based security tools. Most data breaches aren’t detected until long after the culprit is gone, so threats need to be identified in real time.
To combat more extensive and more sophisticated threats, an intelligence-driven security model is emerging to protect big data that is actually powered by big data. The new information security disciplines will harness big data to deliver a 360-degree view of the organization, using big data analytics to assess potential risks, and even predict security threats.
The Building Blocks of Big Data Security
There are at least four information security disciplines that you should consider mastering to provide big-data-driven security:
- Security Management – Security information and event management (SIEM) is converging with network monitoring for real-time threat detection. Using big data analysis, you gain a single view of the enterprise, essentially creating a unified security management system. You need a unified, self-evolving security management system to track threats from multiple sources at once. Using a hodgepodge of security solutions won’t protect the enterprise; you really need to know how to build a centralized security system so you can monitor diverse data sources and create a unified data repository where security analysts can get a holistic view of the infrastructure.
- Identity and Access Management – You need to be able to continuously monitor user activity as part of risk assessment. That means having the ability to see who the users are, where they come from, and what data they access, and being able to authenticate users at each step. As big data is harnessed to power enterprise security, the security system will be able to adapt and predict user behavior, provisioning on demand and enforcing policies and procedures as needed.
- Fraud Detection and Prevention – As big data is used to provide session intelligence and click-stream analysis, behavioral data will make it possible to distinguish between legitimate business activities and unwanted intruders. This will make it easier to identify fraudulent behavior before any damage can be done.
- Governance, Risk, and Compliance – The open access environment demanded by big data means bridging information siloes or pools of data into a unified system. And that system will have to handle the flow of more and more data. As demand for big data grows, governance, risk, and compliance (GRC) platforms will start analyzing data in real-time to prioritize activities and head off security risks.
Big data analytics promises to automate much of enterprise risk assessment and threat protection, but someone needs to be able to understand, build, and manage the security infrastructure. Big data also will promote more transparency into security breaches, centralize management and response, and shorten reaction times, but only if the right experts are on hand to interpret analytics. This is where the opportunity for the future lies. To prepare for the coming of big data security, you need to master the basic information security disciplines.
These are only four aspects of big data security. What do you see as the biggest challenge to the future of security? What information security disciplines would you recommend?