“How do I secure “big data”? A simple and common question. But one without a direct answer – simple or otherwise. We know thousands of firms are working on big data projects, from small startups to large enterprises. New technologies enable any company to collect, manage, and analyze incredibly large data sets for ridiculously low cost. As these systems become more common, the repositories are likely to be stuffed with sensitive data. Only after companies are reliant on “big data” do they ask “How can I secure it?”, an inflection point companies are now reaching.
In this research presentation, we’ll discuss what we found when we interviewed big data architects, users and security vendors on how they approach big data security. We will cover some of the architectural and operational differences that make big data a security challenge. We’ll dive into some of the security approaches being offered today, and discuss the impedance mismatch between security holes in big data clusters and available solutions. We’ll close the presentation with a list of recommendations on how to approach big data security and the technologies we advise all big data admins and architects to employ.
- What is big data and its impact to organizations?
- How big data's security model is different than traditional IT
- Addressing big data's security issues without stopping the business
About David Mortman
David Mortman is the Chief Security Architect for Dell Enstratius and a Contributing Analyst at Securosis. Most recently he was the Director of Security and Operations for C3, LLC. Formerly the Chief Information Security Officer for Siebel Systems, Inc., David and his team were responsible for Siebel’s worldwide IT security infrastructure, both internal and external and worked closely with the product groups and the company’s physical security team and led up the product security and privacy efforts. Previously, Mr. Mortman was Manager of IT Security at Network Associates. Before that, Mortman was a Security Engineer for Swiss Bank. Mr. Mortman is a regular speaker at RSA, Blackhat and Defcon. In the past year, he has presented at RSA, Secure360, Sector, Blackhat and Defcon. Mr. Mortman sits on a variety of advisory boards including Qualys, Lookout and Virtuosi amongst others. He holds a BS in Chemistry from the University of Chicago.
About Adrian Lane
Adrian is a Security Strategist and brings over 25 years of industry experience to the Securosis team, much of it at the executive level. Adrian specializes in database security, data security, and software development. With experience at Ingres, Oracle, and Unisys, he has extensive experience in the vendor community, but brings a pragmatic perspective to selecting and deploying technologies having worked on “the other side” as CIO in the finance vertical. Prior to joining Securosis, Adrian served as the CTO/VP at companies such as IPLocks, Touchpoint, CPMi and Transactor/Brodia. He has been invited to present at dozens of security conferences, contributed articles to many major publications, and is easily recognizable by his “network hair” and propensity to wear loud colors. Fueled by a mix of stimulants and depressants, you’re never really quite sure what he’ll say on stage.