The recent spate of news out of Home Depot and, further back, Target point to the need for better supply chain security. But really, how can we address the issue? There are several answers, but none of them seem feasible in today’s IT environments. Why? They all require open communication, constructive criticism, and willingness to work toward a solution. However, what we find is that many IT organizations feel that anyone outside their immediate organization is suspect, security is the enemy, audit is also their enemy, and developers know all.
Articles Tagged with PII
At the recent Misti Big Data Security conference many forms of securing big data were discussed from encrypting the entire big data pool to just encrypting the critical bits of data within the pool. On several of the talks there was general discussion on securing Hadoop as well as access to the pool of data. These security measures include RBAC, encryption of data in motion between hadoop nodes as well as tokenization or encryption on ingest of data. What was missing was greater control of who can access specific data once that data was in the pool. How could role based access controls by datum be put into effect? Is such protection too expensive given the time critical nature of analytics or are there other ways to implement datum security?
We are seeing more and more cloud-based big data solutions for security, business analysis, application performance management, and many other things we see the results of every day, from when we search on Google, Bing, etc., to the email we get from various marketing campaigns. We know that governments and many others are using big data, whether in a cloud form or on-premise form, to correlate various forms of data to determine who we are, where we going, what we are doing, how we are doing something, and sometimes why we are doing anything. So with all this data out there in the hands of ‘others’, how can privacy be achieved for the individual? We touched on this within the Internet of Things: Expectation of Privacy article, and within this we spoke about the handling of personal and identifiable information (PII).
For years we have had an expectation of privacy while using our computers, tablets, phones, email, etc. However, with the advent of big data analysis and everything being on the internet, the internet of things, there is no longer the veil that makes up an Expectation of Privacy. Big Data has allowed us to be tracked in new ways and as we add more devices onto the internet, more of our habits will be tracked: Such as location of boats, planes, your mobile device. Purchasing habits, your location within a store, or theme park. Perhaps even your usage of your toaster, house doors, your refrigerator, etc.
Where do we draw the line? Is there such a thing as personal privacy anymore or do we assume we are being tracked everywhere? When does our social media life end and privacy begin? What is considered to invasive?
At a dinner party recently, I was asked “does information want to be free?” This question is based on information that exists within the cloud today or tomorrow: Data in the Cloud. It is an interesting question with a fairly ready answer. Information is Power, it is people not information that controls information. Granted we have a massive abundance of information within the cloud today, is it trying to be free, or are people trying to make it free to everyone? In addition, is all this information even true or accurate?
Whether or not to put data into the cloud has been a debate since clouds were first formed. At a recent conference I was asked:
with all the security issues you brought up, why should I go to the cloud, I do not know the administrators, nor can I gain cloud visibility, so why go to the cloud at all? and if so which cloud?
There are a myriad of reasons to go to the cloud, not the least of which is politics or being told to go to the cloud. When the real question is:
which cloud services is my organization already using and how can I gain control over the data being placed into the cloud.