Zettaset Blog

Security Vulnerability Advice: Securing Big Data


Big data has revolutionized the way companies do business. It has also impacted day-to-day enterprise security concerns. As big data and big data warehouses become more universally adopted, the threat of this information getting into the wrong hands is increasing. With large big data stores housing the personal information of millions of individuals, the consequences of data intrusions have become dramatically more serious. This post will discuss how big data’s very existence is dependent on the data custodians’ ability to protect data — and the best ways to do it.

The Beginning of Modern Security Vulnerability

In 2008, Heartland Payment Systems experienced one of the biggest data breaches in the world at that time. The intruder went undetected until months after he first accessed Heartland Payment Systems’ data. Even though Heartland was compliant with the security standards set by the PCI Security Standards Council, a firewall wasn’t enough. Bob Carr, Heartland’s CEO at the time, stated that the lesson he learned was that every system worth breaching would eventually be breached.

The answer was not to just make infrastructure more difficult to breach, but to incorporate foolproof data encryption so that the “successful” intruder would end up with undecipherable gibberish instead of valuable data. Carr also pointed out that it was equally important to encrypt not just data-at-rest, but also data-in-motion (for instance, credit card data at point of purchase).  Given the sensitivity of (and growing volume of) information stored in big data repositories, the consequences of any intrusion would no doubt be much worse, and mitigation much more difficult, had this breach happened today.

Are Encryption Solutions All the Same?

Encryption solutions vary from supplier to supplier. Some require the use of proprietary hardware. This means you will be locked into that vendor’s solution, limiting your deployment options and negotiating power with the vendor. Others require that you replicate your data on a separate server in order to do the encryption and then redeploy in the production environment. This is extremely disruptive and time-intensive. It also requires significant IT resources. This introduces greater possibilities for human error. Choose a solution that encrypts the data where it exists so you do not have to duplicate your data.

There’s also the issue of scalability. As the volume of your data expands, will your encryption solution easily expand with it? Or will you have to go through a painful process every time your customer base or data volume grows? And what if you expand through acquisition? How easy will it be to maintain any investment protection in a disparate systems environment?

Your data encryption solution needs to address all of these concerns.

Encryption Standards

The Organization for the Advancement of Structured Information Standards (OASIS) was established in 1993. Its purpose was to advance the interoperability of solutions and systems from different vendors. Since then, the organization has expanded into the data security arena. However, its mission is still the same: to advance interoperability. For this reason, to ensure that your data encryption solutions maintain the highest levels of security and interoperability, they should conform to the OASIS KMIP (Key Management Interoperability Protocol) and Public-Key Cryptography Standards (PKCS) #11. Ignoring these standards risks making your enterprise’s encryption method a round peg trying to fit into a square hole.

So, That’s That, Right?

Wrong! Even if you do all the above, you may still harbor vulnerabilities if you don’t do your part. The infamous Target breach was triggered by an employee of one of Target’s suppliers, who fell for a phishing scheme and gave the intruders access to Target’s supplier portal. The Heartland breach was simply not detected by the company’s systems and security team until months after it had occurred. Security begins with your systems — but ends with your employees. Therefore, there are steps you can and must take to ensure that your data environment is safe:

  • Store your encryption keys separately from your data, and store them safely, with accessibility granted only to authorized and trusted personnel.
  • Educate your employees. Make sure they know about phishing schemes, Trojan horses and all the other techniques hackers use to bluff their way into your data systems. And keep them up to date on the latest developments. Training cannot be a “one and done;” it must be conducted on a regular basis.
  • Finally, keep your security systems and software up to date. Vendors are always taking measures to stay one step ahead of hackers. If you’re not diligent about keeping up, you’re neglecting your responsibilities and putting your customers and your company’s reputation at risk.

Take-home lessons:

  1. Maintaining data security and protection is vital. You’re gathering and analyzing more data than ever, and in custody of intensely personal information about your customers and their buying habits.
  2. While traditional security has been multilayered — including firewalls, access controls and intrusion monitoring — these measures are not enough. The final arbiter of success or failure of an attempted hack is your data encryption solution.
  3. To avoid falling victim to simple things such as SQL injection, Trojan horses and phishing schemes, educate your employees.

Zettaset’s solution meets the OASIS interoperability standards discussed in this post. Easy to deploy, scalable, and as economical as it is effective, XCrypt Full Disk is compatible with virtually every database and file system. And Zettaset makes it easy to test drive XCrypt Full Disk. You don’t have to think like a hacker to defeat a hacker. Zettaset has done it for you.
