Big Data Security

At the recent Misti Big Data Security conference, many approaches to securing big data were discussed, from encrypting the entire big data pool to encrypting only the critical bits of data within it. Several of the talks included general discussion of securing Hadoop as well as access to the pool of data. These security measures include role-based access control (RBAC), encryption of data in motion between Hadoop nodes, and tokenization or encryption of data on ingest. What was missing was greater control over who can access specific data once that data is in the pool. How could role-based access controls be put into effect for each individual datum? Why would such advanced security be necessary?
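One way to picture role-based access control by datum is to attach a set of permitted roles to every value and filter on read. The sketch below is only an illustration under that assumption: the `Datum` class, the `visible_fields` helper, the role names, and the sample values are all hypothetical and do not come from any talk at the conference or from Hadoop itself.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Datum:
    """A single value plus the roles allowed to read it (hypothetical model)."""
    name: str
    value: str
    allowed_roles: frozenset


def visible_fields(record, user_roles):
    """Return only the fields whose label shares at least one role with the user."""
    roles = frozenset(user_roles)
    return {d.name: d.value for d in record if d.allowed_roles & roles}


# Made-up sample record: each datum carries its own access label.
record = [
    Datum("zip_code", "02134", frozenset({"analyst", "auditor"})),
    Datum("diagnosis", "J45.909", frozenset({"clinician"})),
    Datum("ssn", "078-05-1120", frozenset({"auditor"})),
]

analyst_view = visible_fields(record, ["analyst"])
auditor_view = visible_fields(record, ["auditor"])
```

Here the same record yields different views depending on the caller's roles, which is the kind of control that pool-level encryption or node-to-node encryption alone does not provide.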


Privacy in a Big Data World

As we look at the privacy of big data, whether in a cloud, on premise, or a mix of the two, we need to realize that the amount of data could be so large that retroactively redacting it may itself be a big data problem. Well-defined PII can be redacted on ingest, and tools like DataGuise can redact, encrypt, or tokenize such data retroactively as another big data task. But that only handles well-known PII. How do we handle derived PII?
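Redacting well-defined PII on ingest can be sketched as a pattern match followed by tokenization. The example below is a minimal illustration, assuming the PII in question is a US Social Security number in `NNN-NN-NNNN` form and that a keyed hash is an acceptable token. The key, the `tokenize` and `redact_on_ingest` names, and the sample line are hypothetical, and this is not how DataGuise or any other product works.

```python
import hashlib
import hmac
import re

# Assumption: a demo key; a real deployment would fetch this from a key manager.
SECRET_KEY = b"demo-key-not-for-production"

# Assumption: the only well-defined PII handled here is NNN-NN-NNNN.
SSN_PATTERN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def tokenize(value: str) -> str:
    """Map a value to a stable token using a keyed hash (HMAC-SHA256)."""
    digest = hmac.new(SECRET_KEY, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return "tok_" + digest[:16]


def redact_on_ingest(line: str) -> str:
    """Replace every matching SSN in the line with its token before storage."""
    return SSN_PATTERN.sub(lambda m: tokenize(m.group(0)), line)


# Made-up input line containing the same value twice.
raw = "patient 078-05-1120 admitted; contact 078-05-1120 on file"
clean = redact_on_ingest(raw)
```

Because the token is deterministic, the same input value always maps to the same token, so joins and counts still work on the redacted data. A pattern like this only catches PII with a known shape; it does nothing for derived PII.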


Data in the Cloud: Does Information want to be Free?

At a dinner party recently, I was asked “does information want to be free?” This question is about the information that exists within the cloud today or will exist there tomorrow: Data in the Cloud. It is an interesting question with a fairly ready answer. Information is power, and it is people, not information, who control information. Granted, we have a massive abundance of information within the cloud today, but is it trying to be free, or are people trying to make it free to everyone? In addition, is all this information even true or accurate?


Going to the Cloud Safely

Whether or not to put data into the cloud has been a debate since clouds were first formed. At a recent conference I was asked:

With all the security issues you brought up, why should I go to the cloud? I do not know the administrators, nor can I gain cloud visibility, so why go to the cloud at all? And if I do, which cloud?

There are myriad reasons to go to the cloud, not the least of which are politics or simply being told to go. But the real question is:

Which cloud services is my organization already using, and how can I gain control over the data being placed into the cloud?