With the increase in major security breaches and unlawful use of data over the past few years, there is no question that Big Data is an area that needs stronger patrolling than provided by traditional security practices. Because of the immense amount of information that is at hand, Big Data breaches have huge consequence. The growing number of companies using big data has vastly increased, with all utilizing it to store and analyze petabytes of data. So with all of this information at hand, what steps do we need to take in order to provide higher security of this sensitive information?
The solution is relatively easy - we need to start by demystifying security. This can be achieved by being open, showing people how their information is really being stored and by making sure that people coming out of schools, colleges and universities have a working understanding of everyday security and search, to make sure that we can pry it away from the “experts” and place it fairly into the “everyday” bracket. Once this is done, consumers of search and security must not take the phrase “that cannot be done” seriously. After all, users are now more in tune with the technology they use due to the rise of smartphones and app stores. Not only are they exposed to a wide variety of technology, they are also better versed than ever before due to the information available via the Internet. But, we can’t assume that a majority know the proper steps to ensuring security, which is why we need to educate.
As a starting point, let me define the three areas of Big Data where security is necessary.
Firstly, logging into a secure service. Accessing a secure system, such as online banking or online retailing, is a growing area of use for cloud computing. Yet time after time these systems are compromised, with user credentials and credit card details being stolen, used and abused. The fundamental problem is how to validate a user’s credentials and allow the use of stored credit or debit card details without allowing the compromise of these details if the server or network is compromised. While there is never going to be a definitive answer, there are certain things that can be done.
1) Define the required data into two separate types:
- Data to be verified against and not read
- Data to be read and used
2) Encrypt (convert into a code) group ‘b’ and cipher (convert back from code) group ‘a’ so that it cannot be de-ciphered by hackers.
3) Allow searching to send back a Boolean (true or false data set) on the first set of data to validate the user and credit card details.
4) Allow the user to carry out transactions simply and securely.
The second area in which security is needed is for the storage of files on public cloud stores. Users have swarmed to public cloud stores in the millions. The reasons for this are many, but the main one seems to be ease of use for the file. The problem here is simply that users are ignoring corporate policies and placing their enterprise files onto an unsecured public cloud based system. These files are stored with many other files and have no real security surrounding them, leaving them open to attack, theft and loss. Instead of trying to ban the use of these systems, we need to bring them into the workflow, without compromising the files or data that they hold, and without losing the ease of access and functionality that they provide to the user.
To do this, we need to make sure that the stored files have been encrypted, prior to their being uploaded to the public store, while making sure that the users keep all of their current functionality. This can be achieved by securely indexing these files, using an index algorithm that never allows for the file’s content to be compromised, but still allows for full searching capabilities. Once this is accomplished we need to furnish the user with applications that can take the benefits of these stores and also provide them with the benefits of the security. These apps should preferably place within the user’s current work flow, or make sure that they are as easy to use as the native cloud store apps already are.
The third area where security is needed goes beyond the enterprise and into the real world. As Big Data infiltrates into every part of our lives, the opportunity for transmission of sensitive information continues to expand. The Internet of Things has begun and will continue to be incorporated into everything we do within and outside of the workplace. What does this mean for us? There is an ever growing amount of sensitive data that can potentially be breached or used maliciously.
How do we combat the potential vulnerabilities? Not only must users be educated of the potential risk at hand, the Internet of Things must also be encrypted at the basic user level. Users of these connected devices, such as smart TVs, connected home appliances, and connected cars have no idea that the information being transmitted is not completely secure. Most users don’t even know that the data they are transmitting can be accessed by outside parties because of the fake ‘in your home’ comfort factor. Should users be warned of the potential security risks of speaking in front of their smart TV or lowering the temperature of their home with their smart phone, they are given deserved knowledge that comes with use of these devices.
The solution to the security problem largely stems from pure education on security practices. Many users are completely unaware of what they are doing with their information, how it’s being used, what to be concerned about, etc. The list is endless. Big Data has such a large place in our computing practices today that there is no excuse for unwillingness to learn and unwillingness to teach. It will only integrate further into daily lives and face more of a threat from data breaches of highly sensitive information. Big Data expands the boundaries of existing information security responsibility and has introduced a significantly different set of new risks and challenges. Together, we must educate and collaborate in order to combat the risks that we face as we utilize the highly useful areas of Big Data.
About the Author: Simon Bain is the company founder, CEO and chief architect of SearchYourCloud’s software solutions.