LAS VEGAS –Given the possibilities of big data analytics, many practitioners in its early days charged headlong into the space without giving security its proper attention. But the time to do that is right at the start of any experiment with the technology, said Ajay Dholakia, solution architect for big data, analytics and the cloud at IBM.
Dholakia spoke during an interview at the IBM Pulse 2014 conference here after participating in a panel discussion of cloud security best practices. “One of the things is that people got busy playing with big data because it is such a cool, new technology that they made lots of headway without thinking systematically about security,” he said. “So you have to step back and align your big data portion of the IT with your existing security best practices or rules that you have in place. Because it is an exciting field and people got into it, getting data sources, setting up Hadoop systems and saying, ‘O.K., let’s go play,’ and then combining them with their own data to see how it makes it more interesting. In so doing they said, ‘Oh, are we following security practices?’ Let me go back and ensure that the right sandbox is being set up to do this.’”
In a follow-up interview by email, Dholakia added: “One key security aspect of big data is the need to focus on privacy assurance when mixing public and private data sources. Initial big data sandboxes start out working with public data, but then once the potential analytics capabilities are understood, data from private sources is brought in. That is where established security practices need to be followed.”
Purchasing big data services raises its own set of security issues, Dholakia said.
“A lot of big data is being done as a service now,” he said. “So you have to understand the SLAs (service-level agreements) that are in place before the data that the company owns is going into that environment to be able to create the repository and have the queries coming back.
“If you are doing it yourself, then you need to make sure you are doing it by following the existing rules, because your IT or security team has those in place,” he said. “If you are going to somebody to get big data services, then you have to have the proper contracts in place so that your data is protected. If you are only querying public data, fine. But if you are combining it with your own data, then you have an issue.”
Dholakia pointed out that big data projects raise certain security issues, but the technology also can be used as a security solution itself. He cautioned those turning to big data for its security benefits against overlooking the need to secure the data itself.
“Big data is one potential technology to help you prove your security posture because big data can help you sift through logs and sift through activities that are going on from which you derive some sort of predictive intelligence about potential threats or an existing vulnerability,” he said. “You can actually be thinking, ‘How can big data improve my security?’ But at the same time, if you are going after a big data setup in your IT shop, then you have to align yourself with the existing security practices.”
Scott Etkin is the managing editor of Data Informed. Email him at Scott.Etkin@wispubs.com.