There is an incredible number of people, devices, and sensors that generate, communicate, and share data. Analyzing this data gives organizations the ability to gain customer insights, develop better applications, and improve efficiency and effectiveness – or simply make better decisions. While these insights are bringing many benefits to companies, there are also increasing concerns over the trustworthiness of this data as well as the security and compliance challenges regarding the way it is used.
Almost everything we use today creates data – from our smartphones, to connected TVs, to our smartwatches. According to IDC, by 2025, 175 Zeta Bytes (1021) of data will have been created worldwide.
On the organizational level, this also includes the large amount of data that was accumulated internally as well as that which comes from complex infrastructure.
Much of this data, such as emails, spread sheets, and word documents, is held in unstructured form. In addition, a lot of data is created in an ad hoc manner which causes significant problems because it is hard for an organization to know what exists and where it is stored.
And looking at the term big data from a broader perspective, much more potential comes from utilizing data from external sources like social media, publicly available data from government databases, and data from other organizations.
The combination of data sets holds a lot of value when gaining insights or trying to make decisions based on consumers preferences.
Here are the top 3 challenges for big data security and compliance in 2019:
A lot of data that is used to gain insights can be attributed to individuals. Personally identifiable information is everywhere – sometimes even in unexpected places. Many consumers aren’t aware of how their data is being used and what organizations do with it. Concerns about the use of big data are leading to ever stricter regulations on how organizations can collect, store, and use information.
Big data magnifies the security, compliance, and governance challenges that apply to normal data, in addition to increasing the potential impact of data breaches.
Organizations have to comply with regulations and legislation when collecting and processing data.
While data protection legislation around the globe differs in certain aspects, it all shares the same basic principles. It’s all about taking care of personal information, data privacy, and controlling how data is used. Users have be able to understand what data is collected. The processing of that data needs to be legitimized by user consent.
Looking at the sheer amount of data organizations have to process, protecting and managing data is becoming more and more complicated.
When there is no clear ownership for big data and poor control over its lifecycle, data management becomes a true challenge.
Many organizations tend to see security as a technology issue, meaning that security is just another requirement IT departments have to fulfill and that it is a problem that can be solved by just buying yet another security solution.
Great data governance is more than that: it starts at the board level. The board has to define business goals for the use of big data together with acceptable risk and compliance requirements.
There must be clearly defined responsibility for the data, and its lifecycle must be properly managed. To comply to data privacy regulations, organizations must be able to audit the way data is acquired, processed, analysed and secured as well as the way the outcomes of analytics are used.
Security by Design is great. But looking at the vast amount of devices and infrastructure that produce data, many of them aren’t constructed with security in mind. Especially when it comes to IoT devices, the limited ability to resist cyberattacks becomes even more problematic. Sometimes it isn’t even possible to upgrade their defense.
This could not only impact the trustworthiness of data, it could also give hackers access to vulnerable infrastructure.
In addition, the technology that is used to process this data was designed with massive scalability in mind and not necessarily to enforce security controls.
While the absence of security by design is nothing new, complex big data environments only make things worse. There are enough vulnerabilities and backdoors in on premises big data analytics environments. With the use of cloud services, especially when it comes to hybrid or multi-cloud environments, we have reached another level of complexity with new challenges and risks.
Using out-of-the-box security delivered by cloud providers and improperly set security controls can lead to exposed data on the internet.
Additionally, data sent to cloud services is often unprotected. A lot of data breaches have occurred because of the simplest countermeasures were non-existent or not integrated properly.
To make sure this doesn’t happen to you, adopting a privacy by design approach is crucial. You have to make sure that your data management is under control and that data is protected anywhere it is used, stored, or in motion. Pseudonymize it whenever possible.