I recently started a conversation on my LinkedIn page regarding the impact Big Data is having among practicing security professionals. The discussion has been intelligent and engaging. Big Data is certainly big news these days and some of the comments of these top security and risk experts are compelling.
So why Big Data? The massive accumulation of information – 2.5 quintillion bytes of data are created every day – has brought benefits and competitive advantages to many businesses. Yet there are new threats that have come on the heels of this new business driver. There are increased network vulnerabilities as cyber criminals exploit technology to their advantage, and the potential to misinterpret data to the detriment of the organization.
As veteran security consultant David Aggleton puts it: “I don't have any experience with handling Big Data but Hari Seldon in Isaac Asimov's ‘Foundation’ (trilogy & prequels) was tasked with the analysis of galaxies of data in order to predict meaningful historic trends. Hari's output had to be much more accurate than the figures I have heard quoted, e.g., 55 percent in one direction is considered a trend. Statistically we should be talking about a confidence rating in the 90-95 percent range to bet the farm on it!”
Most of the top organizations worldwide understand that enhanced internal capabilities to collect, store, access, and analyze these exponentially large, complex datasets, increasingly known as Big Data, are crucial to enterprise growth and security. However, executive leaders need to allocate greater investments to Big Data capabilities in order to fully realize the value potential.
"Organizations have significant hurdles to overcome in order to capture the value potential of Big Data. These hurdles span the continuum of investment capacity, skill availability, legacy infrastructure, and operating models,” says Bill Pieroni, chief operating officer of Marsh Inc., one of the world's leading insurance brokers and risk advisors. “However, organizations that are able to effectively leverage data and insights to drive differentiated value propositions and outcomes will dominate their industries. Ultimately, these organizations will be industry leaders rather than just industry participants.”
While Pieroni is speaking in a larger business context, leveraging Big Data for the purpose of mitigating risk and creating sound security strategies follows much the same course. Being able to differentiate the value proposition of incoming data to analyze trends, predict outcomes and formulate appropriate policy and procedure has to be the residue of constructive information.
“Analysis is important as a part of the management of all security risks. So, I do believe Big Data has the capability now to add deeper analysis, but I am confused by the lack of understanding about what we are analyzing -- and why,” adds Jeff Spivey, CRISC, CPP, an information risk management expert from Charlotte. “Big Data will begin to answer questions we have not asked yet, but we need to better understand what this innovation can do that we could not do previously and how can we use it to change the world of security. Our world is changing at light speed and we are using old models of context to address new problems. Big Data will start to give us new answers and we need to be ready with an open mind to be innovative to look for new ways to achieve security.”
Ken Cummins, PSP, CPP. chief security officer of the Central Puget Sound Regional Transit Authority understands that more data doesn’t necessarily translate into good data. He cautions that the development of a risk picture has its own inherent risk.