This post is also available in: עברית (Hebrew)
Large companies in the market are recognizing that standard data security no longer addresses every big data security concern.
According to techrepublic.com, while companies can put controls to regulate the incoming flow of data, there are very acute security concerns that emerge once the data is placed where it can be accessed or shared. Who should be authorized to see the data in its entirety, and who within the organization needs to know some of the data, but not all of it?
“We are seeing major transitions in the big data market now,” said Venkat Subramanian, CTO at Dataguise, a data protection and compliance vendor. “Companies are moving from traditional data services to the big data market, and they are beginning to move more of their standard and big data applications from on-premises data centers to the cloud. Whether big data is stored on-premises or in a cloud environment, appropriate governance measures for this data are needed.”
As part of big data managing, there are plenty of security measures that companies should take. Among them are:
- Conduct regular reviews of user access to data: IT should sit down with corporate stakeholders who access data and review data access permissions for all authorized personnel. When employees/contractors are no longer employed with the company, they should be immediately removed from access.
- Data masking: Masking can be used to edit sensitive data elements so this data isn’t shared outside of the company.
- Encrypt data: If big data is stored in a single data repository that all employees with appropriate clearances are able to access, encryption can be used on the data. “The idea behind data encryption is that you give everyone maximum flexibility to get at the data that they need, and they can do so safely,” said Subramanian. “The encryption is a secure ‘wrap’ around the data.”
Collectively, these approaches help companies with their big data governance, but it is still up to getting managers to regularly review access privileges of their employees, and to cooperate when usage abnormalities are detected.
“No one wants their feet to be held to the fire for a security breach,” confided one CIO at a marketing firm. “But when it comes down to scheduling a meeting to review data access policies and who should have what, it is always treated as a low priority meeting that can only be scheduled after campaign launches and project priorities are met.”