The well-established perception that data security is a combination of people, process and technology holds good for “Big Data” as well as any other kind of data. In the “Big Data World”, data security gets more complex and magnified, but the fundamental issues remain the same. Recent studies reveal that the total average cost of a data breach can be as high as $5.4 million for a given financial year, which is a significant number. This alone is reason enough for organisations to evolve from traditional data governance mechanisms to models that can encompass Big Data as well.
This poses some big questions for Big Data advocates to ponder, though: is it moral, or legal, to make use of Big Data in such a way that it reveals information about someone or something that may not be intended for public consumption, for example that someone has an illness or is carrying out activities that they don’t want others to know about? Enterprises should consider whether this information can lead to unintended consequences and potential data security breaches. Should a retailer be taken by surprise if they are penalised for using customer data that they have derived, for purposes unknown to the individual about whom they have collected it? Aside from morality, given the financial impact of data breaches, this requires serious thought.
An immediate action item stems from this: classification of “derived data”. Just because the sources you use to derive information are classified as freely available, does this mean that the information you have derived should also be classified as freely available? It is imperative for organisations to understand this and then classify the information from analytics, just as robustly as the information used to derive it.
This brings us to a systemic approach:
- Understand the “business outcome” that you are looking to influence through Big Data technologies, and categorically list out the value you intend to derive out of their use.
- Understand the “derived data” that you are looking to use to influence this outcome and classify it for security purposes, understanding that this classification may be different from that of the sources used to derive it.
- In other words, treat the outcome of Big Data as an information source in its own right and protect it accordingly.
Now that you have done this, given that issues can easily get out of hand, how do you optimise Data Governance processes to make them more robust? Here are some ideas:
- Increase the frequency of data monitoring. For example, with the arrival of gadgets such as smart meters, data that was once captured every month can now be captured every 10 – 15 minutes – monthly monitoring is no longer enough!
- Address data quality issues at similarly increased frequencies.
- Bring in robust data governance policies and procedures for stricter access controls and privacy restrictions on the resulting data sets.
These actions can not only help you comply with regulatory requirements, but can also help prevent security breaches that can cost heavily by way of negative publicity, lawsuits and fines.
With Big Data promising big opportunities, it is more important than ever for organisations that intend to monetise it to be extremely cautious and not fall foul of stringent data laws and compliance.
Looking forward, companies need to get hold of this issue and ensure they are securing data in the correct way – before their Big Data breach becomes the next Big Headline.
The article was originally published on Big Data Republic on December 30, 2013 and is re-posted here by permission.
The post “Big Data” or “Big Time Security Breach”? appeared first on Virtusa Official Blog.