Related Stories

  • Cloud Security Alliance gets large on Big Data
    Providing security for virtual and remote environments that may be connected by open networks is a IT hurdle in and of itself on even a small scale, but in the context of the Big Data phenomenon stemming from cloud-based data centers, the challenge increases exponentially. To help the situation, the Cloud Security Alliance (CSA) has launched its Big Data Working Group (BDWG), to be led by Fujitsu, eBay and Verizon Business.
  • New advisory council takes aim at security best practices
    The ability to continuously monitor big data across financial, operational and IT domains has emerged as a critical security and regulatory requirement for global corporations and government agencies. However, no comprehensive industry alliance has been in place to encourage the development of independent best practices.
  • Big Data Analytics should be used for security as well as commercial purposes
    “Big data analytics can improve information security and increase cyber resilience” claims a new report from the Information Security Forum (ISF).
  • Big Data can cause big headaches for infosec professionals
    Along with the benefits that can be gained from Big Data come attendant security risks, notes Savvis' Ed Moyle.
  • New Forrester Report: Big Data Risks
    A new Forrester report, the Future Of Data Security And Privacy: Controlling Big Data, seeks to help business understand the risks inherent in Big Data, and how to handle them.

Top 5 Stories


Most Big Data implementations feature no security beyond passwords

06 November 2012

The Big Data revolution, spurred by technologies that allow companies to collect, manage and analyze very large data sets thanks to cluster-based computing architectures – is creating vast repositories of mission-critical information that are, in turn, creating new security concerns. Unfortunately, a new white paper finds that most enterprises are relying solely on passwords to protect their data.

“As these systems become more common, the repositories are increasingly likely to be stuffed with sensitive data,” writes Securosis, the research firm that wrote the paper on behalf of security vendor Vormetric. “Only after companies find themselves reliant on ‘Big Data’ do they ask how to secure it.” 

The firm said that two factors became abundantly clear during the research project. “First, Big Data projects are common – almost the norm – within the enterprises we spoke with,” researchers wrote. “They have embraced the technology, and they've pushed vast amounts of data into these clusters.

“Second, most have implemented virtually zero security measures,” they added.

The firm’s examination of different Big Data implementations shows that security features are “sparse and aftermarket offerings are not fully tailored to these clusters.” In the rush to implement highly scalable, low-cost clusters for data analysis, security has fallen by the wayside as cost-efficiency wins out on the corporate to-do list. Most deployments are largely insecure, and “wholly reliant on network and perimeter security support,” i.e., password protection, Securosis said.

The good news is that several critical security concerns can be addressed without a Herculean effort – or investment: Big Data clusters share most of the same vulnerabilities as web applications and traditional data warehouses. The top items to look at include how nodes and client applications are vetted before joining the cluster, how data-at-rest is protected from unwanted inspection, privacy of network communications and how nodes are managed.

Securosis’ initial recommendations include using SSL or TLS network security in SQL environments to authenticate and ensure privacy of communications between nodes, name servers and applications. Also, file/OS layer encryption can protect data-at-rest, ensure administrators or other applications cannot gain direct access to files, and prevent leaked information from exposure.

The researchers also recommend key/certificate management. “You can’t store keys and certificates on disk and expect them to be safe,” they noted. “Use a central key management server to protect encryption keys and manage different keys for different files.”

It should go without saying, but companies should also validate nodes during deployment – through virtualization management, cloud provider facilities, or third-party products such as Chef and Puppet. And, they should log transactions, anomalies and administrative activity – through logging tools that leverage the big data cluster itself – to validate usage and provide forensic system logs.

“While these measures cannot provide fail-proof security, a reasonable amount of effort can make it considerably more difficult to subvert systems or steal information,” Securosis noted.

"Based on Securosis' findings, security in typical big data implementations is largely an afterthought," said Derek Tumulak, vice president of product management for Vormetric, an encryption specialist. "The good news is that several critical security concerns can be addressed by a handful of security measures, including the use of file layer encryption to protect data at rest and ensure sensitive information cannot be accessed."

This article is featured in:
Application Security  •  Cloud Computing  •  Encryption  •  Identity and Access Management  •  Industry News


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×