Securing the Unknown: Theoretical Limits of Big Data



Similar documents
The Future of Business Analytics is Now! 2013 IBM Corporation

Coverity White Paper. Reduce Your Costs: Eliminate Critical Security Vulnerabilities with Development Testing

Rashmi Knowles Chief Security Architect EMEA

Nuxeo Insights: The Evolution of Content in the Software-Defined Enterprise!

Patient Advocate Checklist For:

Oracle Business Intelligence 11g Business Dashboard Management

Business Intelligence

Enterprise Data Integration

agility made possible

Big Data, Integration and Governance: Ask the Experts

!!!!! White Paper. Understanding The Role of Data Governance To Support A Self-Service Environment. Sponsored by

Enterprise Data Management for SAP. Gaining competitive advantage with holistic enterprise data management across the data lifecycle

Frequency Matters. The keys to optimizing send frequency

No Data Governance, No Actionable Insights

Big Data, Big Risk, Big Rewards. Hussein Syed

SECTION 10-2 Mathematical Induction

Data Governance and Big Data - A Necessary Convergence. Richard Goldberg Chief Data Governance Officer Citibank Global Consumer Bank

Websense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration

Information overload: How to make data analytics work for the internal audit function

HRizons Human Capital Management

Information Security Managing The Risk

8:00 a.m. Breakfast Meeting 11:00 a.m. Dentist 12:00 p.m. Lunch with Tom 1:00 p.m. Conversation with Head of UBS Research

BIG DATA: IT MAY BE BIG BUT IS IT SMART?

Enterprise Social Networking: Finding Value in Serendipity

Fruit Machine. Level. Activity Checklist Follow these INSTRUCTIONS one by one. Test Your Project Click on the green flag to TEST your code

Deploying Big Data to the Cloud: Roadmap for Success

INTEGRATING THE TWO WORLDS OF PHYSICAL AND LOGICAL SECURITY

IT Services Management Service Brief

can I customize my identity management deployment without extensive coding and services?

How To Manage Risk With Sas

RSA Archer Risk Intelligence

BEYOND BUSINESS INTELLIGENCE: How banks can use Advanced Analytics to win in the experience era

Build an effective data integration strategy to drive innovation

White Paper Software Quality Management

An Often Overlooked Security Hole in Enterprise Extender and Mainframe Networks By Stu Henderson and Peter Hager

OPERA SOLUTIONS CAPABILITIES. ACH and Wire Fraud: advanced anomaly detection to find and stop costly attacks

Cyber Adversary Characterization. Know thy enemy!

A report from the Economist Intelligence Unit. Retail banks and big data: Risk and compliance executives weigh in

Preventing Data Leaks At The Firewall A Simple, Cost-Effective Way To Stop Social Security and Credit Card Numbers From Leaving Your Network

CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY

Using Data Analytics to Detect Fraud

CALLING FEATURE USER GUIDE

4) CRM provides support for front-end customer facing functionality. Answer: TRUE Diff: 1 Page Ref: 334

mwd Best Practice Insight a d v i s o r s BPM Case study: Surrenda-link Investment Management Neil Ward-Dutton Premium Advisory Report September 2009

Summary. January 2013»» white paper

IBM Software A Journey to Adaptive MDM

Engineering Process Software Qualities Software Architectural Design

We ll begin the webinar at approximately 1:01 pm EST.

A Guide to Successfully Implementing the NIST Cybersecurity Framework. Jerry Beasley CISM and TraceSecurity Information Security Analyst

Analance Data Integration Technical Whitepaper

Implementing an Information Governance Program CIGP Installment 2: Building Your IG Roadmap by Rick Wilson, Sherpa Software

CHAPTER SIX DATA. Business Intelligence The McGraw-Hill Companies, All Rights Reserved

CYBER RISK SECURITY, NETWORK & PRIVACY

Private vs. Public Cloud Solutions

Just-in-Time Marketing: Lessons from the Masters

CSF Designer. Complete Customer Communication

WHAT YOU D KNOW IF WE COULD TALK TO YOU

management solutions

CA Big Data Management: It s here, but what can it do for your business?

APIs The Next Hacker Target Or a Business and Security Opportunity?

Introduction to computer science

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

Data Deduplication: An Essential Component of your Data Protection Strategy

Inside Track Research Note. In association with. Enterprise Storage Architectures. Is it only about scale up or scale out?

The Journey into Speech Analytics

Government Technology Trends to Watch in 2014: Big Data

Traffic Visibility Networking (TVN) can Simplify and Scale IT Operations in a Networked World

The Bellevue Center for Obesity & Weight Management. Program Director: Manish Parikh, MD WEIGHT LOSS SURGERY INFORMATION SEMINAR

WEIGHT LOSS SURGERY INFORMATION SEMINAR

Appendix 2: Intended learning outcomes of the Bachelor IBA

LEI and Big Data. Arthur Kennickell Federal Reserve Board SOI Panel Meeting June 5, 2015

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Assessing Risks in the Cloud

How To Test For Security On A Network Without Being Hacked

Big Data Industry Approaches to Operational Excellence

Full-Service EDC as an Alternative to Outsourcing

Transcription:

Securing the Unknown: Theoretical Limits of Big Data Reg Harbeck, Mainframe Analytics Brian Cummings Tata Consultancy Services Wednesday, March 12, 2014: 08:00 AM - 09:00 AM Session 14752 Insert Custom Session QR if Desired.

Who We Are Brian Cummings Currently working at Tata Consultancy Services Mainframe security expert with 30+ years experience Information Security & Risk Strategist GRC and Enterprise Risk Management Evangelist Advocate for Risk-Balanced Solutions & Controls Focus on RACF, Architecture, GRC, Big Data, Compliance, Privacy 2

Who We Are Reg Harbeck Currently Chief Strategist at Mainframe Analytics ltd. 25+ years in systems, networks, applications, security on mainframe and other platforms Expertise in all three z/os security packages, regulatory compliance 3

Plan of Attack Context and Concepts Unmeasurability, incompleteness, uncertainty and other challenges in securing big data The Hitch Hiker s Guide to an ongoing response to these issues 4

Context and Concepts Big Data Some relational Some unstructured Some multimedia Varying and increasing confidentiality, sensitivity and validity Few hard edges Consequences of exposure unpredictably severe Mapping regulations and laws non-trivial 5

The Big Data Value Chain Risk increases as your Big Data gains value Data Analytics Reporting and Human Analytics Decisions and Action Permission of Creative Commons Data, Content Input Data Aggregation and Organization Security Risks Confidentiality: Your work can have value to others. Integrity: Big data integrity is key to appropriate decision making Availability: Big data project criticality increases as you approach decision making. Timely decisions could be impacted by an untimely interruption. Baseline Value & Risk Standard and relatively constant data, privacy, and segregation of duties risk and controls Big Data Value Chain 6

Context and Concepts Heisenberg s Uncertainty Principle Can t measure without changing beyond a certain granularity Relevance to big data: More and more expensive to properly characterize nature and criticality of data More awareness = more responsibility Less awareness = greater exposure Cannot have perfect awareness and control, but regulations and headlines assume it P=momentum X=position Big Data environments will be highly dynamic taking in new data, aggregating data, analyzing data, producing predictions and actionable insights. The CIA of various data elements will be difficult to define and evaluate. 7

Context and Concepts Gödel s Incompleteness Theorem Any sufficiently complex system of expression is capable of containing indeterminably true/false assertions, e.g., This sentence is false. Implications for big data: Metadata about the criticality and sensitivity of data becomes a security issue this data is not sensitive can be a sensitive fact Processing requirements for in-depth granularity become a resource issue, but also a hint about the security of a given piece of data. As you move through the big data value chain, data at one point might be of little value, but may have higher value a step further taken in the context of aggregation or analytics. The challenge is to pinpoint when the data reaches a value (completeness) that would be deemed sensitive and subject to increased security. 8

Context and Concepts The Halting Problem The only way to know whether an arbitrary simple program ever finishes running is to run it. In running it, if it doesn t stop, you don t know if it ever will (halt) Implications for big data: Can t generically predict for an arbitrary block of data how sensitive it is or how much processing it will take to properly secure it Security becomes a journey without a knowable end Can t accept unlimited processing time to determine how to best secure a given mass of data Will there be a steady-state in Big Data environments a point at which data stops changing? Likely not, and you can t wait to see if it ever reaches that state. Don t let the pursuit of perfection get in the way of doing something. 9

Context and Concepts Schrödinger s cat Mathematically, it s 50% dead until you look inside the box, i.e., both dead and alive Implications for big data: Without measuring/examining a given mass of data, you can only assign probabilities of its sensitivity and the effort to secure it Once the effort and time are taken to measure/determine its actual sensitivity, the odds are no longer relevant for the specific, but improve generic characterization in the future If you don t measure a specific mass of data, hackers and headlines might We face a conundrum in the transmutation of data as it moves through the Big Data value chain. How to secure something as it continually evolves. Is it or isn t it sensitive? 10

A Hitch Hiker s Guide Don t Panic it won t help SHARE your journey Write up problem when in doubt secure more Once Schrödinger s cat s out of the bag, it s too late Security after the fact is a sitting duck Security before the fact is somewhere between denial of service/access and a discouragement of future involvement Current motivational thinking about Quantum Physics suggests to predict an outcome, choose it 11

A Hitch Hiker s Guide Discussion re Heisenberg: What are your experiences with uncertainty about security and measurement of data sensitivity? Practical approaches to balancing generic/specific in characterizing and securing data? 12

A Hitch Hiker s Guide Discussion re Gödel s Incompleteness Theorem What are your experiences with mobius loops between data, metadata, and sensitivity? Practical approaches to cutting such Gordian knots? 13

A Hitch Hiker s Guide Discussion re Halting Problem What are your experiences with predicting complex sensitivity of data? Practical approaches to quickly determining sensitivity of arbitrary masses of big data? Forbes 9/24/2012 14

A Hitch Hiker s Guide Discussion re Schrödinger s cat What are your experiences with characterizing vs measuring the sensitivity of data? Practical approaches to balancing effort to secure arbitrary data with high need to know and high sensitivity without getting stuck in a fractal vortex 15

Conclusions and Take-Aways Security is a journey, not a destination Important to SHARE your insights Balance need-to-know, sensitivity, resource-intensivity, timeliness, and potential regulatory, headline and hacker exposure Attitude, action, attention, adjustment repeat With the uncertainties presented by Big Data environments, can a case be made to tightly restrict those environments? The value of analytical results, predictions, and actionable insights will be quite high. How is aggregated data validated? How is the integrity of analytical results validated? Would it make sense to publish these analytical results and recommendations to a DRM solution? We have much to learn, but we know we need to be concerned and protective. Details? See Brian s Big Data Big Security Risk SHARE presentation. 16

17 Thank You!

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information