Big Data: Four Security Improvements Required

At the BLU acceleration technology briefing, I was able to talk to a wide variety of analysts from many well-known firms along with other architects, consultants and industry practitioners.  Everyone was talking about the IBM BLU technology for Big Data that I blogged about earlier, but Big Data conversation topics ranged from new start-up companies, industry wide initiatives, and companies allocating resources for their Big Data projects.

One of the things that struck me was that everyone talked about their Big Data integration initiatives and how the businesses were going to outsourcers, consultants and non-standard IT outsiders to start their Big Data projects.  One analyst talked about asking a client company to count how many Big Data projects were active within their company.  Auditing the IT department found only two Big Data projects on the books.  Further asking around of the various departments showed that nine other Big Data projects had been started by the business units which were actively doing Big Data integration.  With all your Big Data being copied everywhere; here are four security improvements for your environment so that your Big Data projects, both official and unofficial, are protected within your company.

First, research and remove the PUBLIC access to your Big Data.  During the previously mentioned audit to find the Big Data projects it was discovered that someone had downloaded the complete 6TB data warehouse of a financial firm and had it stored on two PCs next to their desk.  They accessed and loaded the data through a data warehousing tablet/mobile reporting interface over a long holiday weekend.  Personal Identifying Information (PII), credit card information and financial firm account numbers were downloaded because of a new tablet/phone report interface that had been GRANTed to PUBLIC. Worse yet, the two PCs were available on the shared company network so everyone could play with their Big Data Analytics.  Do you think the employee should be rewarded for initiative or fired for being derelict with protecting the critical company data?

Next, audit your BYOD, user and partner integration and access points.   A lot of end-user access is from “bring your own device” (BYOD) set-ups, with tablet access, PC access and mobile interfaces the most commonly used access points.  Making sure that these BYOD and other connections are made through only authorized interfaces where some type of authentication is necessary is critical for data security.  All interfaces should use some type of authentication, even web browsing if possible.  If no authentication is required, allow only very strict limited access with limited capabilities with limited data amounts. No Big Data downloads should be allowed over an extended weekend.

Third, define the same or better security, usage and governance within your Big Data project. Big Data projects are going to use and access customer, product and other types of PII or sensitive information.  Those Big Data insights need to be matched up to your systems and data to gain those analytic insights.  To ensure the on-going protection and safeguards are in place, make sure your security department and its procedures are fully involved and engaged with the security profiles used for execution and access of the Big Data. Since another type of database, like Hadoop or any of the other NoSQL vendors’ products might be involved, it is always good to contrast and document the security for your IT management and showcase the robust and flexible security within your main DB2 databases.  This is a good management and security department education and is a great discussion point advantage for using DB2 for your Big Data project.

Fourth, use encryption by default or upgrade to use encryption as soon as possible for every connection.  The latest hacker Android phone application exploit highlighted here shows that it is easy to take over the control of a plane because there is no encryption in the flight systems of older planes.  Encryption for your connections or better yet encryption of your data is vital to protect your Big Data.  The hacking exploits are becoming more complex and some are even using Big Data dumps of monitor logs to analyze and pinpoint the possible viable attack strategies against your environment and configuration.  Encryption of your access points for both remote and local communications to your users is vital for the survival of all your systems and applications.

The business units are starting and funding their own Big Data project without IT involvement.  By downloading open source Hadoop and configuring two discarded PCs with extra Best Buy hard drives make a Big Data project easy to do. The Big Data download can begin without IT knowledge, help, security, standards and procedures. Security usually doesn’t get better when data is transported to another platform especially a new open source one.  Audit your company and environment now for any Big Data projects before your Big Data project gets your company on the front page of the New York Times. Pass this on to your IT VP of the new Big Data projects and see if they are surprised how many Big Data projects that have already been started without IT’s involvement.


Have you made your plans for IDUG in Orlando this year?  Also make sure to register early and get the IDUG early bird discount. Sign up today!

I look forward to speaking at the IDUG DB2 Tech Conference 2013 North America conference.  The conference will be held in Orlando, Florida on April 29-May 2, 2013.  Get more information at

Also being an IBM Data Champion I get to sponsor an attendee for the IDUG conference through the Mentor program.  This enables them to get a reduced registration fee.  Email me if you are interested.

I will be speaking at the conference presenting Big Data and Analytics Session F07 – “Data Warehouse Designs for Big Data Performance” Wed, May 01, 2013 (02:15 PM – 03:15 PM) in Bonaire 5&6.
Dave Beulke is an internationally recognized DB2 consultant, DB2 trainer and education instructor.  Dave helps his clients improve their strategic direction, dramatically improve DB2 performance and reduce their CPU demand saving millions in their systems, databases and application areas within their mainframe, UNIX and Windows environments.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>