Quick Hits

Big Data Means Big Security Problems, Study Says

Large data stores often contain 'toxic' data that is sensitive to business, Forrester report says
As business environments become more complex, companies are looking to find new ways to store, process, and analyze large amounts of data from social networks, sensors, IT systems, and other sources. But this process of storing and analyzing large amounts of information -- now frequently called "big data" -- can be rife with security risks, according to a report issued earlier this week.

The report -- Forrester Research's "The Future of Data Security and Privacy: Controlling Big Data" -- offers insights and warnings on the security implications of storing and cross-analyzing large amounts of sensitive, disparate data.

"It is imperative that users of the data understand that these massive data stores contain significant amounts of 'toxic' data," says Forrester analyst John Kindervag, author of the report.

"Toxic data is any data that could be damaging to an organization if it leaves that organization’s control," the report explains. "Typically, toxic data includes custodial data -- such as credit card numbers, personally identifiable information like Social Security numbers, and personal health information -- and sensitive intellectual property, including business plans and product designs."

Analyzing big data also sometimes involves processing or storing data that isn't yours, Kindervag observes.

"Besides storing intellectual property, big data environments also contain data that companies control but do not own," the report says. "This often includes customer data and business partner data. Because big data is all about aggregating data across the organization, security and risk professionals must work to eliminate the silos of data control and responsibilities that currently exist."

Kindervag recommends moving security controls closer to the data they are designed to protect.

"Security professionals apply most controls at the very edges of the network," the report observes. "However, if attackers penetrate your perimeter, they will have full and unrestricted access to your data -- and thanks to big data, it will all be in one place. By placing controls as close as possible to the data store and the data itself, you can create a more effective line of defense."

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Editors' Choice
Tara Seals, Managing Editor, News, Dark Reading
Jim Broome, President & CTO, DirectDefense
Nate Nelson, Contributing Writer, Dark Reading