Ramon Krikken

A member of the Gartner Blog Network

BG Analyst
2 years at Gartner
15 years IT industry

Ramon Krikken is an analyst in the Gartner IT1 Security and Risk Management Strategies team. He covers software/application security; service-oriented architecture (SOA) security; structured and unstructured data security management, including data masking, redaction and tokenization...

“Securing Big Data” – the Newest Fad?

by Ramon Krikken  |  May 10, 2012

It doesn’t take a clairvoyant – or in this case, a research analyst – to see that “big data” is becoming (if it isn’t already, perhaps) a major buzzword in security circles. Not only big data as applied to security, but also security for big data. But what does “securing big data” actually mean?

Not too long ago I wrote a post about renaming DAM to DAP, and published a fairly large report about current DAP capabilities [subscription required]. In the report, I note that:

But database security for other types of databases, such as non-relational data stores that are increasingly important in the age of big data and cloud, mostly goes uncovered.

Note that I specifically focus on the platforms used to store and process the data, not the data itself. We have to distinguish those two, just as we distinguish document formats from the contents stored in a document. Yes, platform capabilities are important, but they don’t capture the full breadth of security concerns with – as we define it – data that is high in volume, velocity, and variety. In an environment that is all about really putting data to use, how do you design the right controls?

Or more precisely, what exactly will we need to do about this at the technology level – i.e., which technical controls make sense given specific exposure and threats to this information (not all of which result from [lack of] capabilities in the platform)? The latter part of that question requires more effort than just throwing in “the usual” security solutions that have simply been re-badged with a “big data” label. Technical controls are no substitute for a good understanding of data and its use.

Don’t get me wrong, I do believe several vendors will create very useful solutions – and some will be extensions of traditional products. So although I don’t believe the need for securing big data is a fad, the impending storm of marketing slogans around securing big data (and its possible ramification of leading to ineffective control designs) may well make it feel like one.

Much of the “securing big data” will need to be handled by understanding the data and its usage patterns – lest we repeat the “grant all” stance used in many RDBMS instances. In other words, know your data to know your controls.

Category: Security

2 responses so far ↓

  • 1 Pearl Zhu   May 10, 2012 at 8:09 pm

    Hi Ramon, interesting blog to pour some water on the Big Data fire. Well, I would say the security process for big data may need to be well embedded into the various sources where the big data comes from, such as social/mobile/smart devices, etc. When big data has been collected and processed, the data life cycle management may also need to include steps such as data governance/data security.

  • 2 Ramon Krikken   May 11, 2012 at 10:12 am

    Hi Pearl – indeed, because big data isn’t just “a thing,” there are many places where security can and must be implemented (and conversely, there are places where it can’t or shouldn’t). I do also believe that data governance is extremely important – for small data, too! In the end it will be a meet-in-the-middle approach that works best. We can’t do just top down or bottom up and expect things to be OK.