1 BIG DATA CALLS FOR BIG SECURITY! Jason Rader - Chief Security Strategist, RSA Global Services RSA, The Security Division of EMC Session ID: DAS-W02 Session Classification: General Interest
2 Agenda Why Big Data? Security Concerns With Big Data Securing Big Data Wrap Up
3 Why Big Data?
4 Big Data Analytics is the Future! Big Data Not LOTS of data But many disparate sources with mixed structure Industry trends driving Big Data & Analytics Storage is cheap Anywhere computing Hardware capabilities
5 What Are Predictive Analytics? Deriving value from Big Data! Complexly Organizing the unorganized Data Mining, Modeling, Statistics, Machine Learning The search for leading indicators How do we use it? Business strategy Public safety (CDC,NOAA) Cyber Security To Predict the Future!
6 Who Uses Predictive Analytics Today? Investors! Massive historical data Lots of math The search for trends Execute trades! The next step? Implications of social media See through the corporate veil Now we can focus on the individual!
7 Predictive Analytics Now is the Time! Businesses have data coming out of their ears Huge shift from the past Unused data Can we find value? Business leaders must innovate Focus on business model innovation Predictive Analytics can drive this!
8 Security Concerns with Big Data
9 Big Data The Ecosystem Data Sources Storage & Rapid Processing Analytics Data Scientists & Analysts Derived Data
10 Payoff Big Data Can Make You a Target Amount of data
11 Big Data Can Create a Liability Using Big Data Analytics in Retail Implications: Gathered data is given willingly by users Data is aggregated with other sources Retailers run analytics that manifest trends/predictions Outcomes accurately predict the future Users get better product placement Retailers win loyal customers Not Singular pieces of data! It s the CORRELATION that matters
12 How The Bad Guys Can Use Big Data Hacking the Coca Cola formula Can you derive the formula? YES YOU CAN! Shipping/Receiving/Production data Think Crypto plaintext attack KFC would be harder, but possible! IP/Strategy Derivation Attackers can figure out your IP by looking at data sets you don t necessarily protect Macro trends repeat themselves over multiple sets of data, can I fill the gaps from missing data sets?
13 The Security Problem of Derived Data If I derive your PII, must I protect it? The Legal System is WAY behind Compliance might be farther Do I have to protect data from aggregation? EXIF Data Geotags Huge impact to business US = Case Law EU Privacy Updates
14 Securing Big Data
15 How to View Data and Analytics Secret Sauce Intellectual Property Software Vuln DB Corp Strategy Crown Jewels Easily Transferrable IP Actionable IP Encryption Keys COMPINT Defense Information Valuable to Competitors or Military Valuable to me Valuable if Lost Customer Analytics IT Configs Biz Processes Derivative Data Analytics for Sale Medical Records CC Data PII/PHI Data Unused Biz Data Disinformation Old Source Code Old IP Old/Retired Encryption Keys
16 Value The Value of Information Over Time Max Value Area under this curve = money for information owner WIP Time Information eventually becomes a liability
17 Big Data Securing the Lifecycle Data mapping Where does data live? What is the full lifecycle of data? Raw WIP Data product Disposal How is it used by the business? Common Practices Governance Separation of Duties/RBAC Compartmentalization
18 Big Data Securing The Ecosystem Data Sources Storage & Rapid Processing Analytics Data Scientists & Analysts Derived Data
19 Wrap Up
20 WHAT DID WE LEARN? Know the lifecycle of big data in your org Understand the risks in the ecosystem Understand the business uses and the value of data over time Have a policy on security of derived data Educate new roles in security (data scientists) Classification of data and data sources is key Consistently evaluate changes in operations for security implications
State of Privacy Report 2015 SYMANTEC / STATE OF PRIVACY REPORT 2015 01 Contents Introduction 02 01 The Depth of Security Concern 05 02 The Data Trust Gap 19 03 Where Does The Responsibility Lie? 27 04
EXECUTIVE SUMMARY Big Data is not an uncommon term in the technology industry anymore. It s of big interest to many leading IT providers and archiving companies. But what is Big Data? While many have formed
I D C I V I E W T H E D I GITAL U N I V E RSE IN 2020: Big Data, B i g g e r D i g i tal Shadow s, and Biggest Grow t h in t h e F a r East December 2012 By John Gantz and David Reinsel Sponsored by EMC
Cyber-Security Essentials for State and Local Government Best Practices in Policy and Governance Operational Best Practices Planning for the Worst Case Produced by with content expertise provided by For
Exploring Strategic Risk 300 executives around the world say their view of strategic risk is changing Contents 3 Executive summary 5 Strategic risk emerges as a key focus for businesses around the world
Solution Brief Big Data in the Cloud: Converging Technologies How to Create Competitive Advantage Using Cloud-Based Big Data Analytics Why You Should Read This Document This paper describes how cloud and
2014 DATA BREACH INVESTIGATIONS REPORT Executive Summary INSIDER MISUSE DOS ATTACKS MISCELLANEOUS ERRORS PHYSICAL THEFT AND LOSS CYBER-ESPIONAGE CRIMEWARE PAYMENT CARD SKIMMERS WEB APP ATTACKS 92 % THE
Securing Big Data Learning and Differences from Cloud Security Samir Saklikar RSA, The Security Division of EMC Session ID: DAS-108 Session Classification: Advanced Agenda Cloud Computing & Big Data Similarities
Big Data Getting Value from Big Data: Focus on the Opportunities, Not the Obstacles Table of Contents 2 Embark on Your Big Data Journey with Confidence Getting Started, Keeping Moving 3 Big Data Hype Versus
Introduction.... 1 Emerging Trends and Technologies... 3 The Changing Landscape... 4 The Impact of New Technologies... 8 Cloud... 9 Mobile... 10 Social Media... 13 Big Data... 16 Technology Challenges...
A Websense White Paper ADVANCED PERSISTENT THREATS AND OTHER ADVANCED ATTACKS: THREAT ANALYSIS AND DEFENSE STRATEGIES FOR SMB, MID-SIZE, AND ENTERPRISE ORGANIZATIONS REV 2 ADVANCED PERSISTENT THREATS AND
www.pwc.com PwC Advisory Oracle practice 2012 How to drive innovation and business growth Leveraging emerging technology for sustainable growth 1 Heart of the matter Top growth driver today is innovation
A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES Meeting the Cyber Risk Challenge Sponsored by ABOUT ZURICH INSURANCE GROUP Zurich Insurance Group (Zurich) is a leading multi-line insurance provider
CHAPTER9 BUSINESS INTELLIGENCE THE VALUE OF DATA MINING Data mining tools are very good for classification purposes, for trying to understand why one group of people is different from another. What makes
CIO Roundtable - Big March 13, 2013 Big and its Dimensions Big refers to internal and external data that is multi-structured, generated from diverse sources in near real-time and in large volumes making
What is Cyber Threat Intelligence and why do I need it? Global Cyber Threat Intelligence much ado about something The Information Security market is buzzing about cyber threat intelligence. Following all
IBM Software Group 2014 Cloud, Big Data, Mobile, Social and Security Pairoj Ruamviboonsuk Software Client Architect IBM SWG Thailand Igniting change the transformative power of computing Back-office computing
Cyber Security: Designing and Maintaining Resilience White paper presented by: Georgia Tech Research Institute Cyber Technology and Information Security Laboratory Dr. George A. Wright Chief Engineer Terrye
fs viewpoint www.pwc.com/fsi 02 15 19 21 27 31 Point of view A deeper dive Competitive intelligence A framework for response How PwC can help Appendix Where have you been all my life? How the financial
CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to
TELSTRA CYBER SECURITY REPORT 2014 Security insights, trends and impact to Australian organisations EXECUTIVE SUMMARY The internet presents a world of social connectivity, economic growth and endless opportunities
a report by harvard business review analytic services The New Conversation: Taking Social Media from Talk to Action Sponsored by Conventional marketing wisdom long held that a dissatisfied customer tells
CYBERSECURITY A Resource Guide for BANK EXECUTIVES Executive Leadership of Cybersecurity CEO LETTER I am proud to present to you the CSBS Executive Leadership of Cybersecurity Resource Guide. The number
E-PAPER March 2014 Big Data & the Cloud: The Sum Is Greater Than the Parts Learn how to accelerate your move to the cloud and use big data to discover new hidden value for your business and your users.
Big Data: The organizational challenge If you don t know who (and where) your chief analytics officer is, you may already be behind the curve. By Travis Pearson and Rasmus Wegener Travis Pearson is a partner
Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment