Big data security’s mission is clear enough: keep out on unauthorized users and intrusions with firewalls, strong user authentication, end-user training, and intrusion protection systems (IPS) and intrusion detection systems (IDS). In case someone does gain access, encrypt your data in-transit and at-rest.
This sounds like any network security strategy. However, big data environments add another level of security because security tools must operate during three data stages that are not all present in the network. These are 1) data ingress (what’s coming in), 2) stored data (what’s stored), and 3) data output (what’s going out to applications and reports).
Overview of Big Data Security
Data security is nothing but clear enough to manage strong user authentication, keep out on unauthorized users and intrusions with firewalls, proper policies and train the end-user to maintain the policy with our violation, intrusion protection systems (IPS) and intrusion detection systems (IDS). Even case the security breach happen and does gain access, to safe guard the data encrypt your data in-transit and at-rest.
This Big data security is similar to traditional data security but, however, big data environments add another level of security because security tools must operate during different stages in its life cycle. We can split it in to three data stages that are not all present in the network.
The stages of the Big Data can split in to three stages. Those are :
1) Data Sources
2) Data Storage
3) Data Usage
1) What are the Data Sources
Data Sources (where data is coming from and how it is coming, data in transit and what’s coming in. The data sources are variety and different data structures, source data can be structured data, unstructured data and semi structured data. Big data sources come from a variety of sources and data types. User-generated data alone can include CRM or ERM data, transnational and database data, and vast amounts of unstructured data such as email messages or social media posts. In addition to this, you have the whole world of machine generated data including logs and IoT sensors.
Consider the following recommendations for designing secure transit of covered data. Security Recommendations for Data in transit.
i. If we are pulling data through web or device is reachable via web interface, web traffic must be transmitted using only strong security protocols over Secure Sockets Layer (SSL), such as Transport Layer Security (TLS).
ii. If the devices are connected with network cables or Non-web transmission of covered data should be encrypted via application level encryption Where the application database resides outside of the application server, the connection between the database and application should also be encrypted using FIPS compliant cryptographic algorithms
iii. If the data transmitting through network and Where application level encryption is not available, implement network level encryption such as IPSec or SSH tunneling
iv. If the data is connected with Wireless network Connections. When connecting to wireless networks to access a system handling covered data, Encryption mechanisms described in the section above must also be applied in addition to strong wireless network encryption to ensure end-to-end protection. Only connect to wireless networks employing cryptographically strong wireless encryption standards such as WPA2.
Finally, if the data in transit captured by some one should not able to see what is inside the data packet.
2) Big Data Storage Security Standards :
Data Storage unit is the place where the data physically resides. This is first place we need to provide the physical security. Check the security standards maintained by the data center, if it is in-house infrastructures, we need to protect the infrastructure from physical damages and threats. Protecting stored data takes mature security toolsets including encryption at rest, strong user authentication, and intrusion protection and planning. You will also need to run your security toolsets across a distributed cluster platform with many servers and nodes. In addition, your security tools must protect log files and analytics tools as they operate inside the platform.
3) Dashboards or User Output or Analytical Reports :
This extremely valuable intelligence makes for a rich target for intrusion, and it is critical to encrypt output as well as ingress. Also, secure compliance at this stage: make certain that results going out to end-users do not contain regulated data.
We need to apply similar to data in transit and additionally we need to apply the user system security standards. It is very critical part in this stage, it is extremely valuable data what’s going out to analysis applications and reports.
Making target this please compare to other stages, where the complexity and expense of the big data platform is being able to run meaningful insights by analytics across massive data volumes and different types of data. These analytics output results to applications, reports, and dashboards.
One of challenges of Big Data security is that data is routed through a circuitous path, and in theory could be vulnerable at more than one point.
Responsibility of Security in the Big Data :
Who Is Responsible for Big Data Security?
The answer is everyone.
Most of the time Big Data is all about Company not only ERP or Website or IoT Sensor data, or many things about the organization. It may be IoT Sensor data or a ERP Data, but the data is very valid data even I it is unstructured data. A big data Project is combination of different departments, why I am calling here as a Project is, every requirement needs different Tools and Software to fulfil the required reports or analysis in a single Organization. In its life cycle to fulfil the requirement it move stages between different departments, such Infrastructure providers may be In-house or Cloud Solution, Database Administrators, Programmers, Quality Testers, Security Testing and Implementations, Compliance Officers, Deployment Crosses Multiple Business units. All business units are responsible in some way responsible in security for the big data deployment.
IT Team who is responsible for the security should prepare proper and efficient policies, procedures, and choose the security software that effectively protect the big data deployment against malware and unauthorized user access.
Finally, the turn is from end-users, end-users are just as responsible for protecting company data. Ironically, even though many companies use their big data platform to detect intrusion anomalies, that big data platform nothing different form normal RDBS data or any other file data like Excel sheets or Word documents or a PDF documents or is just as vulnerable to malware and intrusion as any stored data. When you are administering security for your big data platform – or you are an end-user combing proper security mechanisms and strictly follow the Security policies.
Securing big data platforms takes a mix of traditional security tools, newly developed toolsets, and intelligent processes for monitoring security throughout the life of the platform.
Security Practices and Solutions to Major Big Data Security Challenges?
2. Access control policy should be created to real users and virtual users like data base login users:
User rights and policies should be made in such a way that they allow access to authorized part of the data by authorized users only. This will prevent unauthorized access to data from both internal and external sources.
3. Do protect your data by encryption:
Need to Protect both your data that is raw data and the outcome from analytics. To ensure no sensitive data is leaked, encryption should be used accordingly.
4. Communication protection – data in transit should protective:
Data in transit is major vulnerable please for security and most of the hackers are get acces through packet capture in the network. So always adequate protection should be given to data in transit to ensure its confidentiality and integrity.
Data is heart of the organization, As the Big Data is a new concept, so there is not a sufficient list of practices which are well recognized by the security community. However, there are a number of general security recommendations that can be used for big data:
1. Physical security for in-house data centres or Keep a check on your cloud providers:
You should have proper physical security for your in-house data centre If your big data is stored in the cloud, you must make sure that your provider has sufficient protection mechanisms in place. Do see that the provider does periodic security audits and agree on penalties in the situation when adequate security standards are not met.
5. Real-time security monitoring with trusted security tools:
From time to time we need to verify that there is any unauthorized access to data. There should be a control on the access to the data and it should be monitored. We need to prevent unauthorized access to the data, threat intelligence should be used.