Big Data remains one of the most talked about technology trends in 2013. But lost among all the excitement about the potential of Big Data are the very real security and privacy challenges that threaten to slow this momentum.
Security and privacy issues are magnified by the three V’s of big data: Velocity, Volume, and Variety. These factors include variables such as large-scale cloud infrastructures, diversity of data sources and formats, streaming nature of data acquisition and the increasingly high volume of inter-cloud migrations. Consequently, traditional security mechanisms, which are tailored to securing small-scale static (as opposed to streaming) data, often fall short.
The CSA’s Big Data Working Group followed a three-step process to arrive at top security and privacy challenges presented by Big Data:
- Interviewed CSA members and surveyed security-practitioner oriented trade journals to draft an initial list of high priority security and privacy problems
- Studied published solutions.
- Characterized a problem as a challenge if the proposed solution does not cover the problem scenarios.
Following this exercise, the Working Group researchers compiled their list of the Top 10 challenges, which are as follows:
- Secure computations in distributed programming frameworks
- Security best practices for non-relational data stores
- Secure data storage and transactions logs
- End-point input validation/filtering
- Real-Time Security Monitoring
- Scalable and composable privacy-preserving data mining and analytics
- Cryptographically enforced data centric security
- Granular access control
- Granular audits
- Data Provenance
The Expanded Top 10 Big Data challenges has evolved from the initial list of challenges presented at CSA Congress to an expanded version that addresses three new distinct issues:
- Modeling: formalizing a threat model that covers most of the cyber-attack or data-leakage scenarios
- Analysis: finding tractable solutions based on the threat model
- Implementation: implanting the solution in existing infrastructures
The full report explores each one of these challenges in depth, including an overview of the various use casesfor each challenge.
The challenges themselves can be organized into four distinct aspects of the Big Data ecosystem as follows:
The objective of highlighting these challenges is to bring renewed focus on fortifying big data infrastructures. The Expanded Top 10 Big Data Security Challenges report can be downloaded in its entirety here.