It doesn’t take a clairvoyant – or in this case, an research analyst – to see that “big data” is becoming (if it isn’t already, perhaps) a major buzzword in security circles. Not only big data as applied to security, but also security for big data. But what does “securing big data” actually mean?
But database security for other types of databases, such as non-relational data stores that are increasingly important in the age of big data and cloud, mostly goes uncovered.
Note that I specifically focus on the platforms used to store and process the data, not the data itself. We have to distinguish those two, just as we distinguish document formats from the contents stored in a document. Yes, platform capabilities are important, but they don’t capture the full breadth of security concerns with – as we define it – data that is high in volume, velocity, and variety. In an environment that is all about really putting data to use, how do you design the right controls?
Or more precisely, what exactly we will need to do about this at the technology level – i.e., which technical controls make sense given specific exposure and threats to this information (not all of which result from [lack of] capabilities in the platform)? The latter part of that question requires more effort than just throwing “the usual” security solutions that have simply been re-badged with a “big data” label. Technical controls are no substitute for good understanding of data and its use.
Don’t get me wrong, I do believe several vendors will create very useful solutions – and some will be extensions of traditional products. So although I don’t believe the need for securing big data is a fad, the impending storm of marketing slogans around securing big data (and its possible ramification of leading to ineffective control designs) may well make it feel like one.
Much of the “securing big data” will need to be handled by understanding the data and its usage patterns – lest we repeat the “grant all” stance used in many RDBMSs instances. In other words, know your data to know your controls.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.