How to Build Security into Big Data Environments
As we wind up 2012, it is time to reflect on what went well and where to improve for 2013. One area I personally would like to focus on is the security and privacy of my personal information. PrivacyRights.org is a good place to start. Profiled this month is how to protect yourself against fraudulent charities such as those popping up in the wake of Hurricane Sandy.
For businesses and governments, improved security and privacy should be on the “new year’s resolution” list. Organizations are under pressure to embrace the new era of computing, which brings with it new security challenges and a complex security landscape. Hackers are becoming more skilled; they are building sophisticated networks and in some cases are state sponsored. The rise of social media, the cloud, mobility and big data are making threats harder to identify and giving insiders more ways to pass protected information to outsiders with less chance of discovery.
Here is my top 5 list for improving security and privacy in 2013:
1. Discover and Understand Sensitive Data – Develop a complete picture of what types of sensitive data exist and how it is related across the enterprise. This data likely exists in databases, data warehouses, fileshares and in Hadoop-based systems. Don’t forget about non-production environments. Are you copying sensitive data for testing and development purposes, thus jeopardizing its protection?
2. Assess and Harden Database Vulnerabilities – Put a plan in place to keep databases and operating systems patched and secure. Remove out-of-the-box or default security settings to make your databases harder to penetrate.
3. Data Activity Monitoring – Conduct real-time monitoring of database, data warehouse or Hadoop-based system activity to provide immediate detection of intrusions, misuse and unusual access patterns which are characteristic SQL injection attacks, unauthorized changes to financial data, elevation of account privileges, configuration changes executed via SQL commands, and other malicious events.
4. Authentication, Access Control & Entitlement Management – Not all data and not all users are created equally. Organizations must authenticate users, ensure full accountability per user, and manage privileges to limit access to data. And organizations should enforce these privileges – even for the most privileged database users. Periodic review of entitlement reports (also called User Right Attestation reports) as part of a formal audit process will result in better enterprise data security.
5. Data Masking – Intelligently mask data throughout the enterprise to protect privacy. Ask yourself, “Who has a valid business need to know sensitive data?” If there is no required business purpose, mask the data. The data should be masked in an intelligent manner so original context and format is preserved. This is especially important when using for testing and development of applications or data warehouses.
Want to learn more? Join us for an on-demand webcast “How to Build Security into Big Data Environments,” where we will discuss how InfoSphere Optim and InfoSphere Guardium can help you satisfy your 2013 New Year’s Resolution to achieve better security and privacy.