Mexico. The use of Big Data solutions is increasingly disseminated by different organizations after making a fairly relevant decision around information security, especially in how it interferes with the use of that data and how companies themselves are preparing for the demands of this new scenario.
Many times organizations do not associate that information security can only exist in the use of Big Data if there is an integration of actions for risk prevention. There is no point in just redefining IT processes to deal with large amounts of data if the company is not attentive to the security processes that help keep the organization's data safe.
That happens because there is little control over the gigantic mountain of generated data that is influencing the foundations of institutions on a daily basis. Having as a prerogative that big data can come from anywhere and assume various formats, all care is little. And many of today's technology solutions for data processing do not enable minimum security requirements during product installation. Some only require a registration or password to access the data storage premises.
Another important fact in this context is the exposure of data on the network and even the compromise of the databases from exclusions, modifications or the sharing of information. A fairly frequent example today is the movement of traditional data services for the large data market using the Cloud environment. That way, once large amounts of data are stored in the Cloud, it is necessary to have adequate security measures for that data.
The task of CIOs is to make data security a high priority. In this way, some suggestions can strengthen the governance of Big Data:
1.- Priority security controls
The biggest security flaws in Big Data solutions are precisely in the lack of authentication mechanisms. These can be characterized from the absence of user records and passwords, to the lack of secure channels for access to databases, such as the use of cryptography. In this context, the figure of a security manager would be quite useful in the definition of security policies, both to validate requirements necessary for data protection when training internal teams that deal with those solutions focused on information security, in addition to the eventual validation of external security teams, through consultancies.
Among other measures that can be adopted in Big Data projects, are the adaptation to the rules and laws, control of access to the most strategic information, selection of the information available in the data environment and review of authenticity of the information, with guaranteed origin. Finally, using data masking can be an interesting way to write sensitive data items so that that data is not shared with people outside the company.
2.- Review of user access control to databases.
Periodically, the IT manager or the information security manager must review the data access permissions in the company's repositories. This can be done every six months or every year, and all levels of users in the organization must be reviewed, adjusting access permissions based on work responsibilities. An important recommendation: when employees leave the company, they should be immediately removed from access.
3.- Monitoring of user behavior
All the measures mentioned above are useless if the user does not follow the safety regulations. Therefore, the constant monitoring of that public is of the utmost importance. Monitoring the access habits of users can generate behavioral models that will have important information about how, when and how often a person enters the data repositories, generating alerts in case of an anomaly or uses outside the user's registers are detected.
*With information from Westcon-Comstor's business unit and one of the leading Cisco technology wholesalers.
