Perimeter
10/24/2012
10:32 AM
Adrian Lane
Adrian Lane
Commentary
50%
50%

When Data Errors Don't Matter

Does bad data break 'big data' analysis?

I ran across this short video comparing MySQL to MongoDB, and it really made me laugh. A tormented MySQL engineer is arguing platform choices with a Web programming newbie who only understands big data at a buzzword level. Do be careful if you watch the video with the sound on because the latter portion is not child-friendly, but this comical post captures the essence of the argument relational DB architects have against NoSQL: Big data systems fail system architects' criteria for data accuracy and consistency. Their reasoning is if the data's not accurate, who care's whether it's "Web scale?" It's garbage in, garbage out, so why bother?

But I think the question deserves more attention. In fact, I ask the question: Does some bad data in a big data cluster matter?

I think that the answer is, "No, it does not."

There are two reasons for this.

Data in the aggregate:
Most of the big data analytics are basing decisions across billions on records. Trends and decisions are not a simple "X=Y" comparison, but billions of "X=Y" comparisons. Decisions are made across the aggregate to show trends and provide a likelihood of an event. Big data clusters are not used to produce an accurate ATM statement, but rather to predict a person's potential interest in a specific product based upon prior Web search history. It's less about binary outcomes and more like fuzzy-logic.

Data velocity:
Most of the clusters I've seen in operation pour new data in at furious rate -- terabytes of data every day. Queries may favor more recent events, or they may balance their predictions on current and historic trend data. In either case, if you get some bad data into the cluster due to a hardware of software issue, it's likely to cause a short-term dip in accuracy. Tomorrow a whole new batch of data will offset, or overwrite, or mute the impact of yesterday's bad data. Data velocity and volume greatly reduce the impact of data corruption of a handful of records.

And that's the essence of big data analytics -- it's not so much about specific data points as it is metatrends.

Keep in mind that if there is one thing that's consistent with big data systems it's inconsistency. These systems are incredibly diverse in features and functions. It's dangerous to pigeonhole big data into a specific set of value statements because there are some 120 different NoSQL systems, each with add-on packages that provide near limitless functional variations. While the Web programmer newbie in the video above may not have a clue, application developers who work with big data have tuned out the relational database dogma for good reason. There are, in fact, ACID-compliant databases built on a Hadoop framework. These provide transactional consistency -- granted, in different ways than many relational platforms -- but the options exist. There are cases where relational databases are a must-have, but the decision to choose one over the other is far more complex that what's commonly portrayed.

And let's not forget that most relational systems have their own issues with data accuracy. The handful of studies I've seen on data accuracy in relational platforms -- during the past 12 years or so -- finds about 25 percent of the data stored to be inaccurate. Data entry errors, data "aging" issues where information becomes inaccurate over time, errors when collecting information, errors when aggregating and correlating, errors when loading data into the relational format, as well as other problems do exist in relational environments. This is not due to the hardware or software, but it's simply due due to how data is collected and processed between systems. It's a set of issues not often discussed, as relational databases are excellent at transactional consistency, but still have unreliable data that affects analysts even more than it does with big data clusters.

Adrian Lane is an analyst/CTO with Securosis LLC, an independent security consulting practice. Special to Dark Reading. Adrian Lane is a Security Strategist and brings over 25 years of industry experience to the Securosis team, much of it at the executive level. Adrian specializes in database security, data security, and secure software development. With experience at Ingres, Oracle, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4807
Published: 2014-11-22
Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character.

CVE-2014-6183
Published: 2014-11-22
IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors.

CVE-2014-8626
Published: 2014-11-22
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding...

CVE-2014-8710
Published: 2014-11-22
The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.

CVE-2014-8711
Published: 2014-11-22
Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?