Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ahmed K. Ezzat, Big Data: Security, Compliance, Auditing, and Protection 1 Data Mining and Big Data.

Published bySilvia Andrews Modified over 9 years ago

Similar presentations

Presentation on theme: "Ahmed K. Ezzat, Big Data: Security, Compliance, Auditing, and Protection 1 Data Mining and Big Data."— Presentation transcript:

1 Ahmed K. Ezzat, Big Data: Security, Compliance, Auditing, and Protection 1 Data Mining and Big Data

2 2 Outline 1. Introduction 2. Top Ten Challenges 3. Security, Compliance, Auditing, and Protection  Steps to securing Big Data  Classifying Data  Protecting Big Data Analytics  Big Data and Compliance  The Intellectual Property Challenge 4. Best Practices 5. Summary

3 Introduction 3

4 Security and privacy issues are magnified by velocity, volume, and variety of Big data, such as large scale cloud infrastructure, diversity of data sources and formats, streaming nature of data acquisition, and high volume inter-cloud migration. Traditional security mechanisms are in-adequate Streaming data demands ultra-fast response time from any security and privacy solution. Below is highlights of the top ten big data security and privacy challenges: 4 1. Introduction

5 Secure computations in distributed programming framework Security best practices for non-relational data stores Secure data storage and transaction logs End-point input validation/filtering Real-time security/compliance monitoring Scalable and privacy-preserving data mining & analytics Cryptographically enforced access control and secure communication Granular access control Granular audit Data provenance 5 1. Introduction

6 Top Ten Challenges 6

7 (1) Secure computations in distributed programming framework: typically we have parallel computation and storage access. One model is to use M/R framework, which splits an input file into chunks. Mapper would read a chunk and performs some computation and output K/V pairs. Reducer combines values belong to each distinct key and output the result. There are 2 potential issues with the above model: securing the mappers (can return wrong results to reducers) and securing the data in the presence of untrusted mapper! 7 2. Top Ten Challenges

8 (2) Security best practices for non-relational data stores: these stores are still evolving w.r.t. security. For example, secure NoSQL injection is still not mature. Each NoSQL DB was built to tackle different challenge posed by analytics and hence security was not part of the model in the design phase Typically NoSQL developers embed security in the middleware rather then being embedded in the DB itself Clustering in NoSQL poses additional challenge to the robustness of such security practices 8 2. Top Ten Challenges

9 (3) Secure data storage and transaction logs: data and transactional logs are stored in multi-tiered storage media. Manually moving data gives the IT manager direct control over exactly what data is moved and when. When data is very large (Big Data) scalability necessitated auto-tiering for big data storage management. Auto tiering poses new challenges to secure data storage and new mechanisms are needed. 9 2. Top Ten Challenges

10 (4) End Point Input validation/Filtering: many Big Data use cases in an enterprise setting require data/event collection from many sources, such as end-point devices. A key challenge in the data collection is data validation: how can we trust the data? How we can validate that the source is not malicious and how do we filter malicious input from our collection? Input validation and filtering is a daunting challenge posed by untrusted sources 10 2. Top Ten Challenges

11 (5) Real-time security/compliance monitoring: real-time security monitoring is always a challenge (i.e., given the # of alerts that may lead to false positives). This problem increases with big data given the volume and velocity of data streams. However, big data technology might also provide an opportunity with fast processing and analytics which in turn can be used to provide real-time anomaly detection based on scalable security analytics. Examples include: who is accessing which data from which resource at what time; d we have breach of compliance standard C because of action A? 11 2. Top Ten Challenges

12 (6) Scalable and Composable Privacy-preserving Data Mining and Analytics: this is manifested in enabling invasion of privacy, invasive marketing, decreased civil freedom, and increase state and corporate control! User data collected by companies and government agencies are constantly mined and analyzed by inside analysts and possibly outside contractors. A malicious insider or untrusted partner can abuse these datasets and extract private information about customers. It is important to establish guidelines and recommendations for preventing inadvertent privacy disclosures. 12 2. Top Ten Challenges

13 (7) Cryptographically enforce access control and secure communication: to ensure that the sensitive private data is end-to-end secure and is only accessible by authorized entities, data has to be encrypted based on access control policies. To ensure authentication and fairness among the distributed entities, a cryptographically secure communication framework has to be implemented 13 2. Top Ten Challenges

14 (8) Granular access control: the problem with course- grained access mechanism is that data that could otherwise be shared is often swept into a more restrictive category to guarantee sound security. Granular access control gives data managers ability to share data as much as possible without compromising security. 14 2. Top Ten Challenges

15 (9) Granular audits: with real-time security monitoring, we try to be notified at the moment an attack takes place. In reality, this will not always be the case. To get to the bottom of any attack, we need audit information. This is not only helpful to understand what happened but also is important from compliance and regulations point of view. Auditing is not new, but the scope and granularity might be different, e.g., we might need to deal with a large number of distributed objects! 15 2. Top Ten Challenges

16 (10) Data provenance: provenance metadata will grow in complexity due to large provenance graphs generated from provenance-enabled programming environments in big data applications. Analysis of such large provenance graphs to detect metadata dependencies for security/confidentiality applications is computationally intensive. 16 2. Top Ten Challenges

17 Security, Compliance, Auditing, and Protection 17

18 The sheer size of Big Data brings with it a major security challenge. Proper security entails more than keeping the bad guys out; it also means backing up data and protecting data from corruption. Data access: data can be protected if you eliminate access to the data! Not pragmatic so we opt to control access. Data availability: controlling where the data are stored and how it is distributed; more control position you better to protect the data. Performance: encryption and other measures can improve security but they carry a processing burden that can severely affect the system performance! 18 3. Security, Compliance, Auditing, and Protection

19 Liability: accessible data carry with them liability, such as the sensitivity of the data. The legal requirements connected to the data privacy issues, and IP concerns. Adequate security becomes a strategic balancing act among the above concerns. With planning, logic, and observations, security becomes manageable. Effectively protecting data while allowing access to the authorized users and systems. 19 3. Security, Compliance, Auditing, and Protection

20 Pragmatic Steps to Securing Big Data:  First get rid of data that are no longer needed. If not possible to destroy then the information should be securely archived and kept offline  A real challenge is to decide which data is needed? As value can be found in unexpected places. For example, activity logs represent a risk but logs can be used to determine scale, use, and efficiency of big data analytics  There is no easy answer to the above question, and it becomes a case of choosing the lesser of two evils. 20 3. Security, Compliance, Auditing, and Protection

21 Classifying Data:  Protecting data is much easier if data is classified into categories, e.g., internal email between colleagues is different from financial report, etc.  Simple classification can be: financial, HR, sales, inventory, and communications.  Once organizations better understand their data, they can take important steps to segregate the information and that makes it easier to employ security measures like encryption and monitoring more manageable 21 3. Security, Compliance, Auditing, and Protection

22 Protecting Big Data Analytics:  A real concern with Big Data is the fact that Big Data contains all of the things you don’t want to see when are trying to protect data, very unique sample set, etc.  Such uniqueness also means that you can’t leverage time-saving backup and security technologies such as deduplication.  Significant issue is the large size and number of files involved in Big Data Analytics environment. Backup bandwidth and/or the backup appliance must be large and the receiving devices must be able to ingest data at the delivery rate of data. 22 3. Security, Compliance, Auditing, and Protection

23 Big Data and Compliance:  Compliance has major effect on how Big Data is protected, stored, accessed, and archived.  Big Data is not easily handled by RDBMS; this means it is harder to understand how compliance affects the data.  Big Data is transforming the storage and access paradigm to a new world of horizontally scaling, unstructured databases, which are more suited to solve old business problems with analytics.  New data types and methodologies are still expected to meet the legislative requirements expected by compliance laws 23 3. Security, Compliance, Auditing, and Protection

24 Big Data and Compliance:  Preventing compliance from becoming the next Big Data nightmare is going to be the job of security professionals.  Health care is a good example of Big Data compliance challenge, i.e., different data types and vast rate of data from different devices, etc.  NoSQL is evolving as the new data management approach to unstructured data. No need for federating multiple RDBMS. Clustered single NoSQL database and being deployed in the cloud. 24 3. Security, Compliance, Auditing, and Protection

25 Big Data and Compliance:  Unfortunately, most data stores in the NoSQL world (i.e., Hadoop, Cassandra and MongoDB) do not incorporate sufficient data security tools to provide what is needed.  Big Data changed few things: For example network security developers spent a great deal of time and money on perimeter-based security mechanisms (e.g., firewalls) but that cannot prevent unauthorized access to data once a criminal/hacker has entered the network!  Lessons learned:  Control access by process, not job function 25 3. Security, Compliance, Auditing, and Protection

26  Secure the data at the data store level  Protect the cryptographic keys and store them separately from the data  Create trusted applications and stacks to protect data from rogue users  Once you begin to map and understand the data, opportunities will be evident that will lead to automating and monitoring compliance and security compliance.  Of course automation does not solve every problem; there are still basic rules to be used to enable security while not derailing the value of Big Data: 26 3. Security, Compliance, Auditing, and Protection

27  Ensure that security does not impede performance or availability  Pick the right encryption scheme, i.e., file, document, column, etc.  Ensure that the security solution can evolve with your changing requirements 27 3. Security, Compliance, Auditing, and Protection

28 The Intellectual Property (IP) Challenge:  One of the biggest issues with Big Data is the concept of IP.  IP refers to creations of the human mind, such as inventions, literary and artistic works, and symbols, names, images used in commerce.  Some basic rules are:  Understand what IP is and know what you have to protect  Prioritize protection  Label (confidential information should be labeled 28 3. Security, Compliance, Auditing, and Protection

29  Educate employees  Know your tools: tools that can be used to track IP stores  Use a holistic approach: includes internal risks as well as external ones.  Use a counterintelligence mind-set: think as if you are spying on your company and ask how would you do it?  The above guidelines can be applied to almost any information security paradigm that is geared toward protecting IP. 29 3. Security, Compliance, Auditing, and Protection

30 Best Practices 30

31 Similar to any BI or Data warehouse initiative, it is critical to have clear understanding of the organization’s data management requirements and strategy before venturing in the Big Data analytics path. Start from a business perspective and not get hung up on the technology. Start small but with high-value opportunities with Big Data. Thinking Big: leverage Hadoop and emerged packaged analytics tools. Ultimately scale will become the main factor when mapping Big Data analytics roadmap. Be careful about the potential growth of the solution. 31 4. Best Practices

32 Avoid Bad Practices:  Thinking, “If we build it, they will come.”  Assuming that the software will have all the answers.  Not understanding that you need to think differently.  Forgetting all of the lessons of the past, i.e., before Big Data.  Not having the requisite business and analytical expertise.  Treating the project like a science experiment.  Promising and trying to do too much. 32 4. Best Practices

33 Baby Steps:  Decide what data to include and what to leave out.  Build effective business rules and then work through the complexity they create.  Translate business rules into relevant analytics by a collaborative fashion.  Have a maintenance plan.  Keep your users in mind – all of them including end users. 33 4. Best Practices

34 The Value of Anomalies:  Some developed scrubbing tools to discard what is considered anomaly.  There are scenarios where anomalies prove to more valuable than the rest of data in a particular context; do not discard data without further analysis.  Example-1: network security where encryption is the norm, access is logged, and data are examined in real time. Ability to identify uncharacteristic movement of data is of utmost importance!  Example-2: online shopping where many buying trends start off as isolated anomalies created by early adopters 34 4. Best Practices

35 Of products. This type of information (early trends) can make or break a sales cycle.  Twitter: there are often big disparities among dimensions. Hashtags are typically associated with transient irregular phenomena as opposed to, for instance, the massive regularity of similar tweets. In other words, we should treat dimensions separately. The dimensional application of algorithms can identify situations in which hashtags and user names, rather than locations and time zones, dominate the list of anomalies, indicating that there is very little similarity among items in each of these groups 35 4. Best Practices

36 Expediency Versus Accuracy:  Traditionally we compromise between performance and accuracy.  Hadoop solved some of these problems by using clustered processing, and additional technologies have been developed to boost performance.  Yet real-time analytics has been mostly a dream; constraints by budgetary limits for storage and processing power.  This implies if you need answers fast, you are limited to a small data sets, which may lead to less accurate results.  The industry is addressing the speed vs. accuracy by using in-memory processing technology 36 4. Best Practices

37 In-Memory Processing:  In-memory processing gets us closer to real-time results (i.e., avoid disk latency and wide-area network connections).  What is the goal: is it to speed up results for a particular process? Is it to meet the needs of a retail transaction? Is it to gain a competitive edge? Or even combination?  Typically the value gained is dictated by the price feasibility of faster processing; that is where in-memory processing comes into play.  In addition, enterprise data (Gartner) projected to be 80% unstructured data typically requires more processing 37 4. Best Practices

38  When business decision makers are provided with information and analytics instantaneously, new insights can be developed and business processes executed in ways never thought possible before.  Type of data, amount of data, and the expediency of accessing the data all influence the decision of whether to use in-memory processing. 38 4. Best Practices

39  Advantages of In-memory processing:  Tremendous improvement in data-processing speed and volume.  Can handle rapidly expanding volumes of information while delivering access speeds that are thousands of times faster than those traditional disk-based solutions.  Better Price-to-Performance ratio compensating fro the extra cost incurred by in-memory processing  Leverage the recent significant reduction in CPU (multicore), memory cost, and blade architecture to modernize data operation while delivering measurable results. 39 4. Best Practices

40 Summary 40

41 41 5. Summary Integrating Big Data applications and analysis into an existing data security infrastructure rather than relying on homegrown scripts and monitors. We covered the top ten challenges in Big Data. We covered the Big Data issue related to Security, Compliance, Auditing, and Protection. We concluded with “Best Practices” when dealing with Big Data.

42 42 END

Download ppt "Ahmed K. Ezzat, Big Data: Security, Compliance, Auditing, and Protection 1 Data Mining and Big Data."

Similar presentations

NIST Big Data Public Working Group Security and Privacy Subgroup Presentation September 30, 2013 Arnab Roy, Fujitsu Akhil Manchanda, GE Nancy Landreville,

NIST Big Data Public Working Group Security and Privacy Subgroup Presentation September 30, 2013 Arnab Roy, Fujitsu Akhil Manchanda, GE Nancy Landreville,
© 2014 Cognizant 4 th March 2015 MBaaS: Mobile Backend as a Service Pablo Gutiérrez / Senior Mobility developer.

© 2014 Cognizant 4 th March 2015 MBaaS: Mobile Backend as a Service Pablo Gutiérrez / Senior Mobility developer.
Adding scalability to legacy PHP web applications Overview Mario A. Valdez-Ramirez.

Adding scalability to legacy PHP web applications Overview Mario A. Valdez-Ramirez.
Security Controls – What Works

Security Controls – What Works
Big Data Workflows N AME : A SHOK P ADMARAJU C OURSE : T OPICS ON S OFTWARE E NGINEERING I NSTRUCTOR : D R. S ERGIU D ASCALU.

Big Data Workflows N AME : A SHOK P ADMARAJU C OURSE : T OPICS ON S OFTWARE E NGINEERING I NSTRUCTOR : D R. S ERGIU D ASCALU.
Business Intelligence Michael Gross Tina Larsell Chad Anderson.

Business Intelligence Michael Gross Tina Larsell Chad Anderson.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S09761197.

Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
Introduction to Systems Analysis and Design

Introduction to Systems Analysis and Design
Amadeus Travel Intelligence ‘Monetising’ big data sets

Amadeus Travel Intelligence ‘Monetising’ big data sets
Retail and Consumer Roadmap to Retailing in the Digital Era Strictly Private and Confidential 17 June 2015.

Retail and Consumer Roadmap to Retailing in the Digital Era Strictly Private and Confidential 17 June 2015.
© 2012 TeraMedica, Inc. Big Data: Challenges and Opportunities for Healthcare Joe Paxton Healthcare and Life Sciences Sales Leader.

© 2012 TeraMedica, Inc. Big Data: Challenges and Opportunities for Healthcare Joe Paxton Healthcare and Life Sciences Sales Leader.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Confidential 1 MAP Value Proposition.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Confidential 1 MAP Value Proposition.
By N.Gopinath AP/CSE. Why a Data Warehouse Application – Business Perspectives  There are several reasons why organizations consider Data Warehousing.

By N.Gopinath AP/CSE. Why a Data Warehouse Application – Business Perspectives  There are several reasons why organizations consider Data Warehousing.
What is Business Intelligence? Business intelligence (BI) –Range of applications, practices, and technologies for the extraction, translation, integration,

What is Business Intelligence? Business intelligence (BI) –Range of applications, practices, and technologies for the extraction, translation, integration,
An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds Dresden, 22/05/2014 Felipe de Sousa Silva Simmhan, Kumnhare,

An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds Dresden, 22/05/2014 Felipe de Sousa Silva Simmhan, Kumnhare,
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
A Brief Overview by Aditya Dutt March 18 th ’ 2014 1Aditya Inc.

A Brief Overview by Aditya Dutt March 18 th ’ Aditya Inc.

Similar presentations

Ads by Google