Connect with us

Hi, what are you looking for?


Data Protection

CSA Lists Top 10 Security, Privacy Challenges of Big Data

Data volumes are exploding, a reality that is forcing businesses to find new ways to protect that information and draw value from it.

Data volumes are exploding, a reality that is forcing businesses to find new ways to protect that information and draw value from it.

In a new report, the Cloud Security Alliance [CSA] outlined the top 10 security and privacy challenges big data posing to enterprises and what organizations can do about them. The challenges cover wide ground, from infrastructure security to data privacy, data management and integrity and reactive security.

On the CSA’s list are the following challenges:

  1. Secure computations in distributed programming frameworks
  2. Security best practices for non-relational data stores
  3. Secure data storage and transactions logs
  4. End-point input validation/filtering
  5. Real-Time Security Monitoring
  6. Scalable and composable privacy-preserving data mining and analytics
  7. Cryptographically enforced data centric security
  8. Granular access control
  9. Granular audits
  10. Data Provenance

The paper expands on research the company published in November, offering companies a threat model and a set of solutions for each challenge. For example, for enterprises leveraging NoSQL databases, the paper discusses a threat model that covers issues such as lax authentication mechanisms and susceptibility to injection attacks.

“Some enterprises are still trying to get their head around what big data actually is, let alone that they think about big data security,” said Wilco Van Ginkel, co-chair of the CSA Big Data Working Group and senior strategist at Verizon. “Enterprises, which are further ahead in that regard, try to classify the data in terms of public and confidential, for instance. And based on that, decide which data can be processed and stored using, for example, NoSQL databases. It is fair to say that this is not a trivial task, given the amount of data and sometimes, not even knowing which data streams the enterprise actually has.”

Earlier this week, McAfee released a report that found that on average organizations are storing approximately 11-15 terabytes of security data a week and are struggling to leverage it correctly. The report also found that even though 73 percent of those surveyed claimed they could assess their security status in real-time, just 24 percent of the organizations that said they had suffered a security breach in the past year had recognized it within minutes.

“Common elements specific to big data arise from the use of multiple infrastructure tiers (both storage and computing) for processing big data; the use of new compute infrastructures such as NoSQL databases (for fast throughput necessitated by big data volumes) that have not been thoroughly vetted for security issues; the non-scalability of encryption for large data sets; the nonscalability of real-time monitoring techniques that might be practical for smaller volumes of data; the heterogeneity of devices that produce the data; and the confusion surrounding the diverse legal and policy restrictions that lead to ad hoc approaches for ensuring security and privacy,” according to the paper.

“Many of the items in this list serve to clarify specific aspects of the attack surface of the entire Big Data processing infrastructure that should be,” the CSA stated.

Advertisement. Scroll to continue reading.

The paper can be read in its entirety here.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cybersecurity Funding

CommandK announced that it has raised $3 million in a seed funding round for a solution designed to help organizations secure sensitive data.