Perimeter
10/24/2012
10:32 AM
Adrian Lane
Adrian Lane
Commentary
50%
50%

When Data Errors Don't Matter

Does bad data break 'big data' analysis?

I ran across this short video comparing MySQL to MongoDB, and it really made me laugh. A tormented MySQL engineer is arguing platform choices with a Web programming newbie who only understands big data at a buzzword level. Do be careful if you watch the video with the sound on because the latter portion is not child-friendly, but this comical post captures the essence of the argument relational DB architects have against NoSQL: Big data systems fail system architects' criteria for data accuracy and consistency. Their reasoning is if the data's not accurate, who care's whether it's "Web scale?" It's garbage in, garbage out, so why bother?

But I think the question deserves more attention. In fact, I ask the question: Does some bad data in a big data cluster matter?

I think that the answer is, "No, it does not."

There are two reasons for this.

Data in the aggregate:
Most of the big data analytics are basing decisions across billions on records. Trends and decisions are not a simple "X=Y" comparison, but billions of "X=Y" comparisons. Decisions are made across the aggregate to show trends and provide a likelihood of an event. Big data clusters are not used to produce an accurate ATM statement, but rather to predict a person's potential interest in a specific product based upon prior Web search history. It's less about binary outcomes and more like fuzzy-logic.

Data velocity:
Most of the clusters I've seen in operation pour new data in at furious rate -- terabytes of data every day. Queries may favor more recent events, or they may balance their predictions on current and historic trend data. In either case, if you get some bad data into the cluster due to a hardware of software issue, it's likely to cause a short-term dip in accuracy. Tomorrow a whole new batch of data will offset, or overwrite, or mute the impact of yesterday's bad data. Data velocity and volume greatly reduce the impact of data corruption of a handful of records.

And that's the essence of big data analytics -- it's not so much about specific data points as it is metatrends.

Keep in mind that if there is one thing that's consistent with big data systems it's inconsistency. These systems are incredibly diverse in features and functions. It's dangerous to pigeonhole big data into a specific set of value statements because there are some 120 different NoSQL systems, each with add-on packages that provide near limitless functional variations. While the Web programmer newbie in the video above may not have a clue, application developers who work with big data have tuned out the relational database dogma for good reason. There are, in fact, ACID-compliant databases built on a Hadoop framework. These provide transactional consistency -- granted, in different ways than many relational platforms -- but the options exist. There are cases where relational databases are a must-have, but the decision to choose one over the other is far more complex that what's commonly portrayed.

And let's not forget that most relational systems have their own issues with data accuracy. The handful of studies I've seen on data accuracy in relational platforms -- during the past 12 years or so -- finds about 25 percent of the data stored to be inaccurate. Data entry errors, data "aging" issues where information becomes inaccurate over time, errors when collecting information, errors when aggregating and correlating, errors when loading data into the relational format, as well as other problems do exist in relational environments. This is not due to the hardware or software, but it's simply due due to how data is collected and processed between systems. It's a set of issues not often discussed, as relational databases are excellent at transactional consistency, but still have unreliable data that affects analysts even more than it does with big data clusters.

Adrian Lane is an analyst/CTO with Securosis LLC, an independent security consulting practice. Special to Dark Reading. Adrian Lane is a Security Strategist and brings over 25 years of industry experience to the Securosis team, much of it at the executive level. Adrian specializes in database security, data security, and secure software development. With experience at Ingres, Oracle, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2130
Published: 2015-03-05
Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka B...

CVE-2014-9688
Published: 2015-03-05
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.

CVE-2015-0598
Published: 2015-03-05
The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693.

CVE-2015-0607
Published: 2015-03-05
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connecti...

CVE-2015-0657
Published: 2015-03-05
Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.