Big data still scaring security experts

Tools

The apocalypse is just sitting out there waiting to happen and like a comet in the Oort cloud, it is hiding in a sea of big data says Yaki Faitelson, CEO and co-founder of Varonis.

It is the job of security experts to worry about such things. Some would say it is their job to create the worry about such things, but few are doubting the potential dangers to security and privacy from all the data sitting in databases around the world with various levels of security.

Varonis calls it the salami apocalypse, or threats built layer upon layer from small bits of information that can be combined into detailed personal profiles. And he says it can hit as early as next year. "It's all there," he said, referring to the scraps of information about an individual online that can be researched and pieced together to create a complete picture. Varonis added that the problem stems from our need, desire and sometimes regulatory compulsion to store ever increasing amounts of data.

He says the same tools that are used to "enable the extraction of valuable information from this sea of raw data" can be used to breach security. He also said that there is a lack of appreciation for privacy issues regarding the data they store.

And according to Simon Bain, CTO of Simplexo, in an IT News Online article this week, not all the threats are external. Bain said big data is very much a hot topic right now and he wonders how seriously organizations are taking the threat of data breaches in relation to big data, especially from internal sources. "When you consider that nowadays, the majority of serious attacks are no longer web based but internal, it does raise a few worrying questions," he said.  

And IBM said this week that big data is increasing data center disruptions because IT departments are encouraged to save every scrap of data and that the process of weeding out the meaningless data from the worthwhile data causes problems. 

The European Network and Information Security Agency argues that "removing forgotten information from all aggregated or derived forms may present a significant technical challenge [but] not removing such information from aggregated forms is risky. Either way, says IBM, you're asking for trouble.

For more:
- see the ENISA Report

Related Articles:
UK Regulators warn industries on customer data access
Privacy scholars at the wall

Filed Under