When big data and cybersecurity collide

Protecting your company’s data starts with understanding it first.

The rise of big data and the evolution of cybersecurity are intertwined in important ways. Understanding how they relate can help companies better determine what capabilities they must develop or acquire in order to take full advantage of the data they have, and at the same time keep that data safe.

Growth and democratization

Data is growing, not only in terms of the well-known three Vs—volume, variety and velocity—but also as measured by a fourth V: value. Today, data, even unstructured data, can be aggregated, converted into machine-readable formats, combined with structured data, and analyzed not only to inform business decisions by providing insight in retrospect, but also to drive actions in real time. Fraud detection in financial services, preventive maintenance on the factory floor and predictive sales inventory management are a few examples.

If companies want to extract maximum value from their data, its use cannot be restricted to data scientists and senior executives. It must be democratized and made available at every level of the enterprise. Further, this needs to happen in the context of a do-it-yourself culture where every employee who needs data can get it in a form that’s useful.

These two trends, growth and democratization, are having game-changing effects on cybersecurity. The growth in the amount and variety of data has led to a concurrent growth in the infrastructure that generates and supports that data. This in turn means a much larger attack surface, one that involves complex and distributed interactions between people and applications that may be on premises, off premises, on mobile devices, or in the cloud. Intelligent devices that belong to the growing Internet of Things (IoT) expand this attack surface even further. And the continuous digitization of systems and processes, which exposes enterprise ‘surfaces’ to the external world, exacerbates the risks.

Data-first security

Because the data that’s available today no longer resides in siloed applications, the old approach of defending those silos won’t work anymore. Companies have to think in terms of defending the data itself. When data is available via multiple paths, erecting more barriers around application silos won’t protect it. This is the essence of data-first security.

While the growth of the attack surface has increased the risk of external attack, data democratization has put data at greater risk from within the enterprise, for the simple reason that more people have access to it. Insider attacks are a serious problem. Although estimates vary, multiple studies are in agreement that more than 40 percent of all data breaches are perpetrated by insiders.

Same technologies serve both agendas

Luckily, the very advanced technologies that have been deployed to analyze big data for business purposes can also prove extremely effective when it comes to blocking threats, detecting breaches and mitigating the effects of successful attacks.

Protecting enterprise data at rest and in motion (inside or outside the traditional boundaries of the enterprise) relies heavily on pattern recognition. This involves combing through the dozens upon dozens of log reports related to authentications and authorizations, data changes, network activity, resource access, malware, critical errors and more. Security groups must be able to characterize what’s normal vs. what represents a potential threat in these logs, with heavy emphasis on avoiding false positives and false negatives.

Success depends on being able to perform sophisticated data analytics at scale in real time. This is where advances in data science and the rise of platforms for managing big data such as Hadoop can come to the aid of CISOs. Machine learning can also play an important role in defining “normal” at increasing levels of granularity, and thereby automating the identification of anomalies that represent likely threats. In other words, in the same way organizations can leverage data patterns to drive business success, IT organizations can leverage data patterns to strengthen security.
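The effect of defining “normal” at a finer level of granularity can be shown on a small scale. The following is an added example, not part of the original article: over constructed resource-access counts, an organization-wide baseline misses a bulk read that is far outside one user's own history, while a per-account baseline flags it without alerting on the service accounts. The account names, the counts and the choice of a modified z-score with a 3.5 cut-off are assumptions made for illustration.

```python
from statistics import median

# Constructed sample data: records read per session, by account.
HISTORY = {
    "etl_svc":    [5000, 5200, 4900, 5100, 5050, 4950],
    "report_svc": [4800, 4700, 4850, 4750, 4900, 4820],
    "alice":      [20, 25, 18, 22, 30, 24],
    "bob":        [40, 35, 45, 38, 42, 41],
}
# Constructed new events to score; "carol" has no history at all.
NEW_EVENTS = [("etl_svc", 5100), ("alice", 900), ("bob", 39), ("carol", 30)]
THRESHOLD = 3.5  # assumed cut-off for the modified z-score


def robust_score(value, baseline):
    """Modified z-score: distance from the median in units of MAD."""
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline)
    if mad == 0:  # constant history: any deviation is maximally unusual
        return 0.0 if value == med else float("inf")
    return 0.6745 * abs(value - med) / mad


def classify(events, history, per_account):
    """Return {account: verdict} using a global or a per-account baseline."""
    everyone = [v for values in history.values() for v in values]
    verdicts = {}
    for account, value in events:
        if per_account:
            baseline = history.get(account)
            if not baseline:  # no history yet: report it instead of guessing
                verdicts[account] = "no-baseline"
                continue
        else:
            baseline = everyone
        score = robust_score(value, baseline)
        verdicts[account] = "anomalous" if score > THRESHOLD else "normal"
    return verdicts


if __name__ == "__main__":
    print("global     :", classify(NEW_EVENTS, HISTORY, per_account=False))
    print("per-account:", classify(NEW_EVENTS, HISTORY, per_account=True))
```

Under the global baseline alice's 900-record read sits between the light and heavy accounts and scores as normal (a false negative); against her own history it is far above the cut-off.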

The human factor

In meeting the twin challenges of maximizing the inherent value of data while ensuring its safety, people play a role as big as, if not bigger than, platforms. After all, it takes human minds to look for unlikely connections between data sets and patterns, to ask the right questions, and to find the right problems for data platforms to then solve. It also takes human imagination to conceive of experiences and solutions that consumers might value and then employ technology to unearth data and insights in service of that vision. For CISOs, the people factor comes first too. This means building a healthy data culture within the organization. It also means finding ways to promote and enforce desired behavior, such as adherence to password discipline, avoidance of phishing schemes, use of secure networks (vs. Wi-Fi in airports and cafés) and other best practices which are often well known but not well observed.

A secure data fabric for the enterprise

With this approach to bringing together thinking around data and cybersecurity, organizations lay a valuable foundation for both structured and unstructured data to act on business, rather than having people look for relevant data to act on. This means business solutions are driven by human vision, but the ensuing decisions and actions are guided by data-led intelligence. This also extends to the realm of security, where digital trust is carefully nurtured by people amplified by technology that can automate responses to block attacks or mitigate their effects.

And this might well be the competitive advantage your enterprise needs to pivot around the turn and surge ahead.

This article is published as part of the IDG Contributor Network.