There is little doubt that the promises of “big data” come with risk. Steve Durbin, global vice president of the Information Security Forum (ISF), breaks down these risks into five areas: cybersecurity, data in the cloud, consumerization, interconnected supply chains, and privacy.
Cybersecurity is primary, because cybercriminals are getting more organized and are using more sophisticated techniques and tools. Even if the risk is small, a breach can wreak havoc within an organization, damaging reputations, creating substantial legal liability, and in the worst case, ruining companies financially.
Security in the cloud is perhaps what gave the cloud paradigm its biggest challenge in gaining traction five years ago. While it’s clear today that the benefits outweigh the risks, that doesn’t mean the risks don’t exist and that a security compromise isn’t potentially just as debilitating. This means that selecting a cloud partner is perhaps the most important step in maintaining security.
When Durbin refers to consumerization, he is talking about the BYOD trend. I have talked before about how BYOD is changing the security paradigm within the enterprise. The most relevant risk in this space is that users will dumb down the security on their BYOD devices, and enterprises have to find ways to prevent that from happening. Only robust mobility management packages can protect the enterprise, as users will simply never place the same emphasis on data security that a company will, because the company bears a heavier burden for a data breach than the typical individual.
Perhaps the biggest potential pain point, and the one that needs the most development, is the concept of an interconnected supply chain. Facebook gives all app developers API access to the social graph. It is expected that in the future all vendors and suppliers will provide customers with some kind of API access to their “big data” stores. The implications are profound, as an API exploit (like the one that recently impacted LinkedIn) can create massive distrust among a company’s customers.
All of this implicates privacy as the foundational issue. Breaches of data privacy are nothing new, but in the "big data" era, they happen more quickly and with more widespread impacts. While legislation may attempt to counter the risk, government tactics have been hit and miss when it comes to data privacy laws.
Having worked on major data analysis projects, I know that it’s not as if these risks did not exist in the past; it’s just that “big data” means access to private data will be the rule, not the exception, for trading partners and software developers in the future. There’s the rub. Our biggest challenge in the future world of “big data” is how to enable openness without compromising security.