CSA Lists Top 10 Security, Privacy Challenges of Big Data

Data volumes are exploding, a reality that is forcing businesses to find new ways to protect that information and draw value from it.

In a new report, the Cloud Security Alliance [CSA] outlined the top 10 security and privacy challenges big data posing to enterprises and what organizations can do about them. The challenges cover wide ground, from infrastructure security to data privacy, data management and integrity and reactive security.

On the CSA’s list are the following challenges:

1. Secure computations in distributed programming frameworks
2. Security best practices for non-relational data stores
3. Secure data storage and transactions logs
4. End-point input validation/filtering
5. Real-Time Security Monitoring
6. Scalable and composable privacy-preserving data mining and analytics
7. Cryptographically enforced data centric security
8. Granular access control
9. Granular audits
10. Data Provenance

The paper expands on research the company published in November, offering companies a threat model and a set of solutions for each challenge. For example, for enterprises leveraging NoSQL databases, the paper discusses a threat model that covers issues such as lax authentication mechanisms and susceptibility to injection attacks.

“Some enterprises are still trying to get their head around what big data actually is, let alone that they think about big data security,” said Wilco Van Ginkel, co-chair of the CSA Big Data Working Group and senior strategist at Verizon. “Enterprises, which are further ahead in that regard, try to classify the data in terms of public and confidential, for instance. And based on that, decide which data can be processed and stored using, for example, NoSQL databases. It is fair to say that this is not a trivial task, given the amount of data and sometimes, not even knowing which data streams the enterprise actually has.”

Earlier this week, McAfee released a report that found that on average organizations are storing approximately 11-15 terabytes of security data a week and are struggling to leverage it correctly. The report also found that even though 73 percent of those surveyed claimed they could assess their security status in real-time, just 24 percent of the organizations that said they had suffered a security breach in the past year had recognized it within minutes.

“Common elements specific to big data arise from the use of multiple infrastructure tiers (both storage and computing) for processing big data; the use of new compute infrastructures such as NoSQL databases (for fast throughput necessitated by big data volumes) that have not been thoroughly vetted for security issues; the non-scalability of encryption for large data sets; the nonscalability of real-time monitoring techniques that might be practical for smaller volumes of data; the heterogeneity of devices that produce the data; and the confusion surrounding the diverse legal and policy restrictions that lead to ad hoc approaches for ensuring security and privacy,” according to the paper.

“Many of the items in this list serve to clarify specific aspects of the attack surface of the entire Big Data processing infrastructure that should be,” the CSA stated.

The paper can be read in its entirety here.