It doesn’t take a clairvoyant – or in this case, an research analyst – to see that “big data” is becoming (if it isn’t already, perhaps) a major buzzword in security circles. Not only big data as applied to security, but also security for big data. But what does “securing big data” actually mean?
But database security for other types of databases, such as non-relational data stores that are increasingly important in the age of big data and cloud, mostly goes uncovered.
Note that I specifically focus on the platforms used to store and process the data, not the data itself. We have to distinguish those two, just as we distinguish document formats from the contents stored in a document. Yes, platform capabilities are important, but they don’t capture the full breadth of security concerns with – as we define it – data that is high in volume, velocity, and variety. In an environment that is all about really putting data to use, how do you design the right controls?
Or more precisely, what exactly we will need to do about this at the technology level – i.e., which technical controls make sense given specific exposure and threats to this information (not all of which result from [lack of] capabilities in the platform)? The latter part of that question requires more effort than just throwing “the usual” security solutions that have simply been re-badged with a “big data” label. Technical controls are no substitute for good understanding of data and its use.
Don’t get me wrong, I do believe several vendors will create very useful solutions – and some will be extensions of traditional products. So although I don’t believe the need for securing big data is a fad, the impending storm of marketing slogans around securing big data (and its possible ramification of leading to ineffective control designs) may well make it feel like one.
Much of the “securing big data” will need to be handled by understanding the data and its usage patterns – lest we repeat the “grant all” stance used in many RDBMSs instances. In other words, know your data to know your controls.