Big Data’s Big Peril: Security
We live in a world that is more digitally connected than ever before, and this trend will continue well into the foreseeable future. Mobile phones, televisions, washers and dryers, self-driving cars, traffic lights, and the power grid – all will be connected to the Internet of Things. It has been said that by 2020 there will be 50 billion connected things. These devices produce exponentially growing amounts of data such as emails, text files, log files, videos, and photos.
The world will create 163 zettabytes (a zettabyte equals one sextillion bytes) of data annually by 2025. Enterprises of all sizes can gain competitive advantages and valuable insights by incorporating big data and predictive analytics into their business strategies to fuel growth and drive operational efficiencies. But with all this data at hand, it’s vital to understand which data is actionable, and how it needs to be considered. Here are two examples of ways businesses are utilizing big data to improve the bottom line.
First, big data analytics can reduce customer churn. Predictive models are being built using customer demographics, product profile, customer complaint frequency, social media, and disconnect orders to flag customers who are likely to churn. Companies can identify these customers to better understand their issues and improve inefficient business processes. They can also recommend products that meet customer feature and price needs.
Second, big data can help prevent network outages. This is especially critical with government, medical, and emergency services networks, where outages can have severe impacts. Predictive models can ingest network logs to look at past device performance and predict hours in advance when an outage may occur, giving network engineers time to replace faulty equipment.
To process the large volume, velocity, and variety of data being produced, businesses are standing up data lakes to take in traditional structured data from relational databases and data warehouses, along with unstructured data from social media feeds and system logs. However, many of the applications that populate data lakes were built years ago and provide protection at the application level, not the data level. Such application-level protections are potentially voided when businesses move the data into an enterprise data lake. Additionally, many times businesses do not properly categorize and protect newer, unstructured data sources using role-based security. Data lakes could contain customer data that cyber criminals can use to perform identity and bank theft, impacting hundreds of millions of people. In addition, confidential business information and intellectual property can be at risk.
It is critical to realize that no single organization has all the answers. Businesses should partner with solutions providers and other organizations that have faced the same big data security challenges.
For example, companies have partnered with other organizations to both secure their growing big data platforms and enable digital transformation. There are service providers that can categorize the data moving into enterprise data lakes and identify appropriate security controls. Other providers can assist with encrypting data in transit and at-rest, as well as applying policy-based access controls, allowing employees access only to the data they need to do their jobs.
Going forward, organizations must find creative ways to identify those who access their databases, systems, and networks in order to safeguard these vital assets. Therefore, we need to invest in the next wave of identity access management solutions, such as continuous authentication.
Continuous authentication uses a person’s behavioral or biometric characteristics to periodically re-authenticate users. For example, organizations can use keystroke-based pattern identification to quickly detect if an imposter is at the keyboard, lock the user account, and then trigger an alarm to security operations to take appropriate action. In addition, all of today’s laptops and mobile devices are equipped with a camera. Facial recognition technology can be used to continuously verify that the person looking at the screen is the expected user.
While beneficial to organizations, continuous authentication can lead to privacy, notification, and security issues that must be considered. Many employees have concerns over “big brother” watching them. One possibility is to strategically select which users and systems require continuous authentication, and only deploy such solutions for those identified as high risk. Employers can then make it clear that a higher level of monitoring is a job requirement. In addition, continuous authentication may capture personally identifiable information and, as a result, will be subject to privacy laws. Finally, before these solutions are widely deployed, businesses must address security requirements. We must ensure that malicious actors cannot hijack this technology. We must collaborate across the public and private sectors to resolve all these issues.
Big data and analytics continue to dramatically improve business operations and the customer experience. However, your organization will only realize these benefits if you are willing to invest in security. And we must have a broader societal conversation about the appropriate balance between security and privacy. At the end of the day, organizations still need to focus on security basics and get that right. This includes increased security awareness training and vulnerability management. Otherwise, your organization could become the victim of the next major data breach.