Managing Your Big Data Security Strategy in 2017

Need training for Big Data? Browse courses developed by industry thought leaders and Experfy in Harvard Innovation Lab.

In the era of Big Data, as the amount of data available for analysis has exploded exponentially, securing that data has become absolutely essential for corporate success. Firms like Target and Home Depot and political entities like the Democratic National Committee know first hand the deleterious impact that data breaches can have on the corporate brand and bottom line. While the businesses are impacted in different ways, it is the consumers of these businessess who almost always suffer the consequences. To see how data breaches have impacted you personally, you can go to HaveIBeenPwned and enter your email address to identify where your identity has been compromised. If you have been around the Internet block for a while, you are almost certain to find yourself on the list.

Achieving corporate data security requires attention to several basic but essential principles:

1. Have a Comprehensive Strategy: Data security has several interrelated elements: hardware, security software, network infrastructure, organizational leadership, and policies governing personnel recruitment, training and data access. The best firms do not approach these elements as silos but treat them holistically with an integrated strategy. For example, you can have the best hardware but if your network infrastructure or security software are obsolete, data can easily be corrupted or stolen. Likewise, human error, personnel policies and poor leadership are critical parts of data security. Employees do steal or if poorly trained are unable to intervene effectively to address data threats. Many data breaches are the result of laptops being stolen from a home that had private customer data on them so policies governing the use of laptops are essential. Weakness in any element of data security can corrupt the entire system.
2. Use Hadoop Intelligently: Hadoop has emerged as a powerful tool for storing large amounts of data but because it runs in non-secure mode by default, it is essential to be up-to-date on security and data governance offerings. Cloudera, Hortonworks and MapR have emerged as major Hadoop distribution providers with strong security solutions in the areas of authentication, authorization, and encryption so remaining abreast of the best-in-class Hadoop security tools is vital. The last thing you want to do is to aggregate, perhaps, your most valuable asset (i.e. data) in a Big Data envionment and give others the ability to hack it and take away your competitive advantage.
3. Backup Data: Hardware fails. It is a simple fact of life. The only way for those failures not to be catastrophic is for your data to be regularly backed up, whether in the cloud or in your server farms. Aside from the obsolescence that is intrinsic to all hardware, there is the constant threat of theft and the increasingly important threat that climate change-induced disasters–floods, hurricanes, fires–pose to data. Regularly backing up data gives you the best chance to overcome those technological, criminal and natural threats.
4. Create a Security Checklist Specific to Your Organization: All organizations are different and have distinct data security needs based upon their industry. Those needs impact the database technologies that they utilize and their data priorities. For example, NoSQL databases are used in industries where horizontal scaling and real-time applications are critical. MongoDB, a key NoSQL provider, offers an excellent security checklist that can be adapted for the specific needs of your organization. The same is true with relational databases and increasingly popular cloud-based file sharing technologies. The introspective act of senior leadership, the IT division and various corporate units working together to develop a security checklist can provide the best security firewall of all: democratic engagement throughout the firm in making data security a top priority.
5. Update Data Security Components Regularly: Data security is an organic problem as threats are constantly evolving. Hardware, network infrastructure, internal policies and especially security software should be regularly updated to adapt to the ever-changing threat landscape. This can be an enormous challenge but Experfy is developing a suite of Big Data Readiness Indexes that can help you in this regard by keeping you abreast of latest developments and the best solutions for securing data.

For related Risk Management strategies, see Experfy's Fraud and Risk Practice areas.