About half—55%—of respondents in a recent survey said that they were operating big data systems in full production, pilot or proof-of-concept, stages, and that 28% plan to have big data applications deployed within the next two years. That opens up serious security concerns.
According to the report from SANS Institute, the primary data types respondent organizations are managing in their big data systems include personally identifiable information (PII, 73%), employee records (64%), intellectual property (59%), payment card information (53%) and national security intelligence data (40%).
Additionally, it was shown that organizations are coming under increased compliance pressure, with 83% reporting that their big data systems must comply with one or more regulatory standards.
“Today, the world of data security is still relatively new—threat intelligence, traditional security approaches and a focus on managing mobile and cloud resources have generally advanced the state of data security. But until now, a comprehensive look at security as it relates to big data, Hadoop and the many related applications in use hasn’t existed,” said SANS analyst Barbara Filkins. “This SANS survey and research report paint a clear picture of how organizations are using big data architectures for real production workloads and what they should be most concerned about, and provide advice on how to reduce risk in existing and future big data environments.”
In terms of how data security is being handled, 54% said that they simply integrate with existing identity and access management systems to manage sensitive data access. A little less than that (45%) authorize user access based on roles.
About 78% of those able to rank security control effectiveness said host-based security technologies were the most effective, while 72% said network-based security was the way to go. Another 40% said encryption technologies were very effective.
The report also took a look at governance, and found that the C-suite appears to be firmly on the hook: A quarter believe that the CIO and CTO are responsible for big data risk; another 18% said that the CSO and CISO are.
Less than 5% said system administrators, security administrators and app developers and managers held responsibility.