Big Data Security
Guest post by Neil Correa, Micro Focus Solution Architect
There is a lot of buzz around the security and privacy of big data environments. What does it really mean? What’s the risk? What can be done to secure the data? I’ll try to put a quick structure together based on areas of risk as well as what types of solutions are available from Micro Focus to assist organizations in mitigating this risk.
First off, let’s start with a definition of Big Data. What is it exactly? The definition I pulled from Gartner is: “high-volume, -velocity and -variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making.” What that means from a privacy standpoint is that a detailed privacy assessment needs to be performed to ensure that all requirements, whether government regulations, best practices or policy, are assessed. From a security standpoint, unfortunately, the bad guys don’t need to own your entire network anymore; they just need to go to one ginormous database (or Data Lake now) and take the data they want to their heart’s content.
Given that breaches are in the news almost daily and in large volumes (the latest Verizon Data Breach Investigations Report stated approximately 1900 reported breaches in 2016), it’s safe to assume that a majority of these breaches involve some form of large database or a group of systems that store large, massive even, amounts of data. Given the number of security techniques, strategies, products and consultants that are around, you’d be forgiven for thinking that hackers have a 0% chance of being successful. Of course, that is not the case.
Taking a risk-based approach, it’s not the Hadoop environment, operating systems or the applications that are the cause of paranoia for your privacy and security teams; it’s (mainly) the Personally Identifiable Information (PII) or Protected Health Information (PHI) that is collected, used, transmitted and stored within an organization. Performing Privacy Impact Assessments (PIAs) and Threat Risk Assessments (TRAs), securing operating systems, installing anti-malware agents, deploying firewalls, etc. are all important risk mitigation strategies to reduce, prevent or detect attacks against an organization. However, to truly remove the risk from a big data environment, why not focus on the data itself?
There are four main technology pillars that an organization can focus on to address the challenges presented with big data:
1) “Assume breach” – CISOs today don’t talk about whether their organization will experience a breach but when, and how big the impact will be. As stated earlier, a layered approach is necessary for risk mitigation and to meet compliance requirements; however, by focusing on the data itself and securing PII fields at the point of collection, ideally through pseudonymization techniques, the data can retain the properties of the original PII but not the identity. The business must leverage its big data capabilities to derive value and make money, and it can do so in a secure way using this approach.
Pseudonymization is a procedure by which most identifying fields within a data record are replaced by one or more artificial identities, or pseudonyms. For example, “Neil” could be pseudonymized to “Frxd”; the original format of the name is retained, so the record can continue to be processed and stored in order to derive usable value out of the data. Even if Frxd’s information were stolen, the data would be useless and have no value on the black market. Hackers’ main aim now is to sell all stolen data to the highest bidder; if the data is made worthless, not only will there technically be no breach in the first place, but the incentive to steal is gone as well.
2) “Your applications are the weakest link” – As mentioned in a previous article, The Business of Application Security, a majority of successful cyber-attacks have exploited some form of application vulnerability. If hackers can enter an organization through a weakness in an application, regardless of whether it connects directly with a Data Lake or not, once in, it’s a simple matter of moving within the organization to where the valuable data resides and exporting the data. Application security still isn’t a priority for many organizations, and the hackers know it. At a minimum, deploying runtime application self-protection (RASP) technology will immediately reduce your risk to near-zero by protecting your in-production applications. Then a preventative approach can be taken to remove vulnerabilities from future releases. This approach should also address applications on mobile devices, in the cloud or web facing.
3) “Big brother” – As great as having near-zero risk sounds, the truth is that there is never a true zero-risk solution. As such, all activities performed within the Data Lake, supporting systems, applications, analytics tools, etc. should be monitored to identify suspicious activity by authorized and unauthorized users. This requires security monitoring technologies that are scalable to meet the demands of massive big data environments. Many security technologies operate well in small to mid-sized organizations but can’t scale up to meet the demands of a high-performance, large-volume environment.
4) “Who am I” – Over and above the technical controls that can be put in place, the main and authorized method to access the data, analytics platforms or systems that are managing/securing your big data environments is through a user, administrative or system account. Strong identification and authorization controls must be implemented to make sure that the entity that is trying to access our data is allowed to do so. A holistic approach to identity management would allow for easier management of users, administrative users as well as other entities.
These four pillars, along with the people and process to support them, will ensure that the business is completely enabled to perform analytics to derive value out of the data while removing almost all of the risks from a privacy, compliance (think GDPR, Canadian Bill S-4, etc.) and security standpoint.
Micro Focus has industry leading and mature technology in each of these four areas that are scalable for any sized environment. Below is a breakdown of the technologies mapped to each pillar:
1) “Assume breach” – Voltage is an industry-leading pseudonymization solution (based on NIST FF1 AES 256-bit Format-Preserving Encryption). This technology is recommended in emerging privacy and data protection regulations such as the General Data Protection Regulation (GDPR) as well as by standards bodies such as NIST (SP 800-53), ISO, etc. With built-in referential integrity, all instances of the same information (think “Neil”) will retain the same pseudonymized value (“Frxd”) across all systems and applications. The data will be protected throughout its lifecycle, from collection, to sharing, to storage, to use, to deletion, within any environment – mobile, cloud, on-prem, development, third-party systems, and of course Data Lakes.
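The pseudonymization described under pillar 1 and the format-preserving, referentially consistent behaviour described for Voltage above, as an added example that is not Micro Focus or Voltage code: a toy Feistel-based format-preserving cipher with an HMAC-SHA256 round function. It follows the general shape of NIST FF1 (unbalanced Feistel, alternating half lengths, a tweak) but is not the FF1 specification. The `PII_FIELDS` schema, the demo key and the sample records are constructed for this example.

```python
"""Toy format-preserving pseudonymization (added example, not Voltage code).

A small Feistel network with an HMAC-SHA256 round function, in the general
shape of NIST FF1 but NOT the FF1 specification: the round function, round
count and tweak handling are simplified for readability.
"""
import hashlib
import hmac
import string

ALPHABETS = (string.ascii_letters, string.digits)  # names; numeric ids
ROUNDS = 10  # even, so the two halves end up in their original positions


def _alphabet_for(value):
    """Pick the alphabet the whole field is drawn from (constructed rule)."""
    for alpha in ALPHABETS:
        if value and all(ch in alpha for ch in value):
            return alpha
    raise ValueError("unsupported characters in field: %r" % (value,))


def _num(chunk, alpha):
    """Interpret a chunk of symbols as a base-len(alpha) integer."""
    n = 0
    for ch in chunk:
        n = n * len(alpha) + alpha.index(ch)
    return n


def _str(n, length, alpha):
    """Inverse of _num: write n as exactly `length` symbols of alpha."""
    out = []
    for _ in range(length):
        n, r = divmod(n, len(alpha))
        out.append(alpha[r])
    return "".join(reversed(out))


def _round(key, tweak, rnd, chunk):
    """Keyed round function: HMAC over (tweak, round index, other half)."""
    msg = tweak + b"|" + str(rnd).encode() + b"|" + chunk.encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")


def fpe_encrypt(key, value, tweak=b""):
    """Encrypt `value` to a pseudonym of the same length and character class."""
    alpha = _alphabet_for(value)
    radix = len(alpha)
    u = len(value) // 2
    a, b = value[:u], value[u:]
    for i in range(ROUNDS):
        m = len(a)  # alternates between the two half lengths, as in FF1
        c = (_num(a, alpha) + _round(key, tweak, i, b)) % radix ** m
        a, b = b, _str(c, m, alpha)
    return a + b


def fpe_decrypt(key, value, tweak=b""):
    """Reverse fpe_encrypt: only the key holder can recover the identity."""
    alpha = _alphabet_for(value)
    radix = len(alpha)
    u = len(value) // 2
    a, b = value[:u], value[u:]
    for i in reversed(range(ROUNDS)):
        m = len(b)
        c = (_num(b, alpha) - _round(key, tweak, i, a)) % radix ** m
        a, b = _str(c, m, alpha), a
    return a + b


# Constructed record schema: which fields are PII and get pseudonymized
# at the point of collection; the analytics field is left untouched.
PII_FIELDS = ("first_name", "account_id")

CONSTRUCTED_RECORDS = [  # constructed sample rows, not real data
    {"first_name": "Neil", "account_id": "4417123456", "purchases": 3},
    {"first_name": "Neil", "account_id": "9876501234", "purchases": 1},
    {"first_name": "Ann", "account_id": "4417123456", "purchases": 7},
]


def pseudonymize_record(key, record):
    """Replace PII fields with pseudonyms; the field name acts as the tweak,
    so the same value in the same field always maps to the same pseudonym
    (referential integrity), while different fields never share pseudonyms."""
    out = dict(record)
    for field in PII_FIELDS:
        if field in out:
            out[field] = fpe_encrypt(key, out[field], tweak=field.encode())
    return out


if __name__ == "__main__":
    demo_key = b"constructed-demo-key-use-a-KMS-in-production"
    for row in CONSTRUCTED_RECORDS:
        print(row, "->", pseudonymize_record(demo_key, row))
```

Because the mapping is deterministic, joins and counts over pseudonymized fields keep working across every system that shares the key, which is the referential integrity property the post describes; the same determinism also means equal values are visible as equal pseudonyms, and a field drawn from a tiny domain (a one- or two-character value) offers little protection regardless of the cipher. The pseudonym's strength rests entirely on keeping the key out of the Data Lake and the analytics tier.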
2) “Your applications are the weakest link” – Fortify application security is a product suite covering the full software development lifecycle, from the moment a developer starts to code right through to the application being operational in production. As mentioned above, to address the highest risks first, deploy our RASP solution, Fortify Application Defender, to protect in-production applications from attacks. Then work backwards to remove risks during the application development process. This type of approach fits into any development framework such as traditional SDLC, Agile, DevOps, etc.
3) “Big brother” – ArcSight is a mature and customizable security monitoring and analytics technology that will scale to any sized environment. Leverage our ArcSight User Behaviour Analytics solution to monitor authorized user activity, including privileged users, as well as unauthorized activity. Application-layer monitoring has historically been a gap in the security portfolio; however, ArcSight can be tightly integrated with existing application logs or with Fortify Application Defender, which includes a pre-defined package of application security reports, dashboards and alerts. Further expanding our capabilities to meet this need, Micro Focus NetIQ can provision and audit all user accounts and privileges centrally to keep user identity and access management simple.
4) “Who am I” – NetIQ is a holistic Identity, Access and Security solution. NetIQ delivers identity-centric security that reduces risk, drives innovation and increases business value for organizations all over the world. Its adaptive identity-centric expertise gives organizations an integrated platform for Identity and Access Management that drives the modern IT ecosystem securely by protecting the confidentiality, integrity and availability of your systems and data.
Hope this short article was informative, helpful and enlightening. As always, constructive thoughts and comments are welcome.