Big data creates storage security headaches for CISOs

According to the analysts 80 percent of companies underestimate the importance of security to big data.

Image: Shutterstock

A central requirement of big data could be the need for a data-centric approach to security. That might sound obvious enough — if you are going to stick all your vital corporate data in huge repositories then it might be an idea to make sure those repositories are secure — but apparently it is not be obvious to many.

According to the analysts at Gartner, by 2016 more than 80 percent of organisations will fail to develop a consolidated data security policy across all their data silos.

It's not difficult to see how Gartner's analysts could come up with this worrying scenario. Among all the many strategies it is dealing with there are two particularly absorbing ones — big data and and the cloud and the diversification of assets that is inherent to the cloud.

So while, on the one hand, big data means consolidating information, on the other hand the cloud is spreading it. According to Gartner, organisation should be concerned about the security implications of these trends taken together.

As principal analyst, Brian Lowans puts it: "Businesses have traditionally managed data within structured and unstructured silos, driven by inherent requirements to deploy relational database management systems, file storage systems and unstructured file shares."  

The arrival of big data and cloud storage environments is transforming the way in which data is stored, accessed and processed so chief information security officers (CISO) need to develop a data-centric security approach themselves.

"Unfortunately this is not common practice today," Lowans said.

Access to public cloud services and infrastructure further complicates this process due to the potential access by cloud service providers and security vendors, said Lowans. Further, data flows will inevitably result in a growing need to monitor and audit access, and to protect data across silos.

The market is moving towards the adoption of standards for controlling access, but we are not there yet, he said, offering two suggestions for improving things.

Firstly, CISOs should evaluate current implementations of DCAP (Data link switching Client Access Protocol) solutions against their data security policies. They should address databases, unstructured data, cloud storage and big data silos.

Secondly, CISOs should try to identify gaps in the current implementation of their data security policies and review the risks against potential DCAP solutions.

Lowans also highlighted another potential problem. "Business stakeholders may not be accustomed to having strong relations with security teams," he said, "and CISOs will need to build partnerships with them to develop new management structures for data security accountability and to identify cross-functional training needs."

It is not difficult to read between the lines here. Within organisations the business side and IT security may not always have been on the closest of terms, he is saying, but the imperatives of the world today will mean that that will change.

For details of the Gartner paper, Big Data needs a data-centric security focus, see here.

Further reading