Perimeter
10/24/2012
10:32 AM
Adrian Lane
Adrian Lane
Commentary
Connect Directly
RSS
E-Mail
50%
50%

When Data Errors Don't Matter

Does bad data break 'big data' analysis?

I ran across this short video comparing MySQL to MongoDB, and it really made me laugh. A tormented MySQL engineer is arguing platform choices with a Web programming newbie who only understands big data at a buzzword level. Do be careful if you watch the video with the sound on because the latter portion is not child-friendly, but this comical post captures the essence of the argument relational DB architects have against NoSQL: Big data systems fail system architects' criteria for data accuracy and consistency. Their reasoning is if the data's not accurate, who care's whether it's "Web scale?" It's garbage in, garbage out, so why bother?

But I think the question deserves more attention. In fact, I ask the question: Does some bad data in a big data cluster matter?

I think that the answer is, "No, it does not."

There are two reasons for this.

Data in the aggregate:
Most of the big data analytics are basing decisions across billions on records. Trends and decisions are not a simple "X=Y" comparison, but billions of "X=Y" comparisons. Decisions are made across the aggregate to show trends and provide a likelihood of an event. Big data clusters are not used to produce an accurate ATM statement, but rather to predict a person's potential interest in a specific product based upon prior Web search history. It's less about binary outcomes and more like fuzzy-logic.

Data velocity:
Most of the clusters I've seen in operation pour new data in at furious rate -- terabytes of data every day. Queries may favor more recent events, or they may balance their predictions on current and historic trend data. In either case, if you get some bad data into the cluster due to a hardware of software issue, it's likely to cause a short-term dip in accuracy. Tomorrow a whole new batch of data will offset, or overwrite, or mute the impact of yesterday's bad data. Data velocity and volume greatly reduce the impact of data corruption of a handful of records.

And that's the essence of big data analytics -- it's not so much about specific data points as it is metatrends.

Keep in mind that if there is one thing that's consistent with big data systems it's inconsistency. These systems are incredibly diverse in features and functions. It's dangerous to pigeonhole big data into a specific set of value statements because there are some 120 different NoSQL systems, each with add-on packages that provide near limitless functional variations. While the Web programmer newbie in the video above may not have a clue, application developers who work with big data have tuned out the relational database dogma for good reason. There are, in fact, ACID-compliant databases built on a Hadoop framework. These provide transactional consistency -- granted, in different ways than many relational platforms -- but the options exist. There are cases where relational databases are a must-have, but the decision to choose one over the other is far more complex that what's commonly portrayed.

And let's not forget that most relational systems have their own issues with data accuracy. The handful of studies I've seen on data accuracy in relational platforms -- during the past 12 years or so -- finds about 25 percent of the data stored to be inaccurate. Data entry errors, data "aging" issues where information becomes inaccurate over time, errors when collecting information, errors when aggregating and correlating, errors when loading data into the relational format, as well as other problems do exist in relational environments. This is not due to the hardware or software, but it's simply due due to how data is collected and processed between systems. It's a set of issues not often discussed, as relational databases are excellent at transactional consistency, but still have unreliable data that affects analysts even more than it does with big data clusters.

Adrian Lane is an analyst/CTO with Securosis LLC, an independent security consulting practice. Special to Dark Reading. Adrian Lane is a Security Strategist and brings over 25 years of industry experience to the Securosis team, much of it at the executive level. Adrian specializes in database security, data security, and secure software development. With experience at Ingres, Oracle, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.