Does big data mean big risks for businesses?

As big data becomes a potential game-changer for businesses, the security risks become even greater. Now that businesses have collected and stored all of this data, what are they going to do with it? How are they going to protect it? And most importantly, how are they going to use if safely and legitimately?
Users are increasingly alarmed by the amount of data being collected, with whom the data is being shared and how it is being used. Clearly, there needs to be better engagement among key stakeholders and joined-up thinking throughout organizations — from the chief marketing officer to the IT department — to develop guidelines and best practices for the usage, storage and transfer of data both inside and outside the business.
From the information security standpoint, the key issues surrounding big data tend to fall into the following five areas:

  1.  Cyber security: With more transactions, conversations, interactions and data now online, there are greater incentives for cyber criminals than ever before. According to the Information Security Forum’s (ISF’s) January 2012 report, “Cyber Security Strategies: Achieving Cyber Resilience,” today’s cyber criminals are better organized, more professional and have access to powerful tools and capabilities, which they use to identify, target and attack. When things go wrong, they can go wrong big time for an organization. It’s not the one-off data breaches or hacker attacks stories that hit the headlines, but those with far-reaching consequences that can mean reputational damage, legal liability and even financial ruin. Cyber resilience and preparedness strategies are crucial for big data.
  2. Data in the cloud: The pressure for businesses to quickly adopt and implement new technologies such as cloud services – often to support big data’s challenging storage and processing needs – comes with unforeseen risks and unintended consequences. Big data in the cloud is a highly attractive target for cyber criminals looking to harvest information. This places more demand on businesses to get their secure cloud sourcing strategy right. 
  3. Consumerization: Hand in hand with the growth of big data is the proliferation of new mobile devices, used to gather, store, access and transfer data. Businesses are now faced with the challenge of managing and securing employees’ personal devices in the workplace and balancing the need for security with productivity. The volume of smartphone analytics and Web browsing details are the stuff of security nightmares, particularly when these are blended with both home and work data. Businesses should ensure that their employee acceptable usage policies are in place and continue to manage mobile devices in line with their established security policy.
  4. Interconnected supply chains: Organizations are part of often complex, global and interdependent supply chains, which can be their weakest link. Information is what binds supply chains together, ranging from simple mundane data, to trade or commercial secrets and intellectual property – loss of which can lead to reputational damage and financial or legal penalties. There is a key role for information security in coordinating the contracting and provisioning of business relationships, including outsourcers, offshorers and supply chain and cloud providers.
  5. Privacy: As larger amounts of data are generated, stored and analyzed, privacy concerns will become an even bigger issue in the years to come. Start planning for new data protection requirements as soon as possible, while monitoring for further legislative and regulatory developments.

Data aggregation and big data analytics promise businesses a treasure trove of marketing intelligence. The ability to target customers based on the combination of past buying patterns, sentiment and previously “private” preferences are the Holy Grail for marketers. But business leaders eager to adopt these new technologies for business benefit will be well advised to understand the legal and other restrictions that may apply across multiple jurisdictions. They should also implement privacy best practices and design them into the analytics programs, build in transparency and accountability, and never lose sight of big data’s effect on people, processes and technology.
It goes without saying that securing both the data inputs and big data outputs present a key challenge that can impact not just potential business campaigns and opportunities, but also have far reaching legal implications. The answer? Stay agile and ideally anticipate changes to regulation rather than being caught when they suddenly appear.
That being said, it is still early days and we have not yet seen a tremendous amount of external requirements mandating that businesses assure information integrity. However, the sheer scale of information processed by businesses remains on the increase and with big data analytics bringing business decisions closer and closer to raw data, the quality of information has become increasingly important. If the same sophisticated analysis can be applied to relevant security data, big data may even be used to improve information security.
While such solutions may not yet appear to be widespread, you can be assured they are well on the way with big data analytics already being used for fraud prevention, cyber security detection, social analysis and real-time multimodal surveillance.
Steve Durbin is global vice president of the Information Security Forum (ISF). His main areas of focus include the emerging security threat landscape, cyber security, consumerization and outsourced cloud security. Previously, he was senior vice president at Gartner. 
Image courtesy of Flickr user KellBailey.