This article can also be found in the Premium Editorial Download "Information Security magazine: Security Readers' Choice Awards 2012: Your picks for the best security products."
Download it now to read this article plus other related content.
The volume of data that businesses collect is exploding exponentially. This includes financial transactions, location-based data, customer interactions, the supply chain, as well as data produced
The commercial impacts of big data analytics – the practice of performing increasingly sophisticated analysis on massive amounts of data, predominantly unstructured – have the potential to generate significant productivity growth for a number of vertical industry sectors. In short, big data analytics presents an opportunity to create unprecedented business advantage and better service delivery. At the same time, it promises benefits for information security while also presenting increased risks.
Senior executives and boards the world over are now faced with extremely large amounts of data, and this can be viewed as both a burden and an opportunity for their business. Research suggests that companies capturing and using big data and business analytics to guide their decision-making are more productive and have higher returns on equity than competitors that do not.
Research conducted by the McKinsey Global Institute points to big data having the capability to create substantial value and commercial impact. McKinsey found the potential of a 60 percent increase in retailers’ operating margins, 0.7 percent increase in productivity in U.S. health care, all translating into a $300 billion value per year. In addition, there's the potential increase in demand for deep analytical talent positions, estimated between 140,000 and 190,000.
Pressure is mounting on businesses to embrace big data because of the enormous insights and competitive advantage it can provide. Computers are increasingly crunching numbers to find answers previously thought indecipherable. This is introducing new problems. For example, poor quality information or untested models can send businesses off course.
As big data changes the game for businesses, the security risks have become much greater. From an information security standpoint, the key issues surrounding big data – both pro and con – tend to fall into the following five buckets:
- Data breaches – With more transactions, conversations, interactions and data now online, the incentives for cybercriminals have never been better. Companies have more to worry about than the one-off data breaches or hacker attack stories that make headlines; breaches involving big data could have far-reaching consequences and mean reputational damage, legal liability and even financial ruin. Cyber resilience and preparedness strategies are crucial for big data. However, using big data security analytics could also help identify cybercriminals or zero day attacks.
- Data in the cloud – The pressure for businesses to quickly adopt and implement new technologies such as cloud services, often to support big data’s challenging storage and processing needs, comes with unforeseen risks and consequences. Big data in the cloud is a highly attractive target for harvesting data and places more demand on businesses to get their secure cloud sourcing strategy right. Furthermore, importing data into a big data store in the cloud can result in the removal of permissions or confidentiality restrictions on the original data.
- Consumerization – Together with the growth of big data is the proliferation of new mobile devices used to gather, store, access and transfer data. The challenge for businesses is in managing and securing personal devices brought into the workplace by employees and balancing the need for security with productivity. Businesses should enforce employee acceptable usage policies and continue to manage mobile devices in line with their established security policy. Businesses should also consider how they might use big data analytics tools to identify any misuse or unusual access to systems through remote login, mobile or other personal devices.
- Interconnected supply chains – Organizations are part of often complex, global and interdependent supply chains, which can be their weakest link. There is a key role for information security in coordinating the contracting and provisioning of business relationships, including outsourcers, offshorers and supply chain and cloud providers. Big data analytics has the potential to create an overarching view of an organization’s supply chain security by analyzing high-risk suppliers’ data and comparing suppliers across different dimensions of information security risk.
- Privacy – As huge amounts of data are generated, stored and analyzed, privacy concerns are becoming an even larger issue. Businesses need to start planning for new data protection requirements as soon as possible while monitoring for further legislative and regulatory developments in other jurisdictions where your customers are based. Also, they should consider using big data analytics tools to identify where private personal information is being stored and how it is protected.
Big data analytics have the potential to reduce the growing number of cyber security risks and increase business agility. Businesses eager to adopt these new technologies for business benefit will be well advised to set out clear good practice guidelines for big data. They need to understand the legal and other restrictions that may apply to data they collect, store and use across multiple jurisdictions. Companies should also implement privacy best practices, designing them into the analytics programs they are using for big data, and build in transparency and accountability, all the while considering the impact of big data usage on people, processes and technology.
About the author:
Steve Durbin is global vice president of the Information Security Forum (ISF), an independent, nonprofit association. His main areas of focus include the emerging security threat landscape, cybersecurity, consumerization, outsourced cloud security, third-party management and social media across both the corporate and personal environments. He was formerly senior vice president at Gartner, where he was the global head of Gartner’s consultancy business. Send comments on this column to firstname.lastname@example.org.
This was first published in September 2012