
Big Data Means Big Security Problems, Study Says

Large data stores often contain 'toxic' data that is sensitive to business, Forrester report says

As business environments become more complex, companies are looking to find new ways to store, process, and analyze large amounts of data from social networks, sensors, IT systems, and other sources. But this process of storing and analyzing large amounts of information -- now frequently called "big data" -- can be rife with security risks, according to a report issued earlier this week.

The report -- Forrester Research's "The Future of Data Security and Privacy: Controlling Big Data" -- offers insights and warnings on the security implications of storing and cross-analyzing large amounts of sensitive, disparate data.

"It is imperative that users of the data understand that these massive data stores contain significant amounts of 'toxic' data," says Forrester analyst John Kindervag, author of the report.

"Toxic data is any data that could be damaging to an organization if it leaves that organization’s control," the report explains. "Typically, toxic data includes custodial data -- such as credit card numbers, personally identifiable information like Social Security numbers, and personal health information -- and sensitive intellectual property, including business plans and product designs."

Analyzing big data also sometimes involves processing or storing data that isn't yours, Kindervag observes.

"Besides storing intellectual property, big data environments also contain data that companies control but do not own," the report says. "This often includes customer data and business partner data. Because big data is all about aggregating data across the organization, security and risk professionals must work to eliminate the silos of data control and responsibilities that currently exist."

Kindervag recommends moving security controls closer to the data they are designed to protect.

"Security professionals apply most controls at the very edges of the network," the report observes. "However, if attackers penetrate your perimeter, they will have full and unrestricted access to your data -- and thanks to big data, it will all be in one place. By placing controls as close as possible to the data store and the data itself, you can create a more effective line of defense."

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...

Comments
MS8699,
User Rank: Apprentice
2/9/2012 | 9:11:04 AM
re: Big Data Means Big Security Problems, Study Says
As business environments become more complex, companies are looking to
find new ways to store, process, and analyze large amounts of data from
social networks, sensors, IT systems, and other sources
SocialTIS,
User Rank: Apprentice
2/6/2012 | 10:52:01 PM
re: Big Data Means Big Security Problems, Study Says
There is also another great report that John from Forrester released Jan. 30th "Killing Data". It's definitely worth a read if you're interested in this article. The report provides big insights on Enterprise Encryption and Key Management.