IBM's four key steps to security and privacy for big data
3 likes4,930 views
The document outlines the need for robust security and privacy strategies in managing big data, emphasizing that modern data challenges arise from consumerization, external attacks, human errors, and IT glitches. Data breaches can have significant financial and reputational impacts, making data security a top executive concern. To address these issues, it suggests a holistic approach involving discovery, hardening, monitoring, and protection of sensitive data.
IBM's four key steps to security and privacy for big data
- 1. © 2014 IBM Corporation Four key steps to security and privacy for big data
- 2. © 2014 IBM Corporation Addressing Modern Data Security and Privacy Concerns 2 Change increases data management challenges Consumerization of IT Data is… Generated 24x7 Used everywhere Always accessible On private devices Data Explosion Data is… Leaving the data center Stored on shared drives Hosted by 3rd parties Managed by 3rd parties Data is… Produced in high volumes Stored in diverse formats Analyzed faster/cheaper Monetized Mobile New data platforms offer tremendous opportunities for enterprises, but they are also a honey pot for attackers.
- 3. © 2014 IBM Corporation Addressing Modern Data Security and Privacy Concerns 3 Threats to data come from a variety of sources 42% external, malicious attacks 30% human errors 29% system/IT glitches Where do data breaches originate? Source: 2014 Cost of Data Breach Study: Global Analysis, Ponemon Institute LLC, May 2014
- 4. © 2014 IBM Corporation Addressing Modern Data Security and Privacy Concerns 4 Data breaches have a significant financial impact of companies said a data breach caused moderate to severe impact on the business 2/3 of customers would leave you if you mistreated their data average cost of a data breach $184M - $330M brand value lost by each victim of a data breach 2/3 76% $3.5M Source: Reputation Impact of a Data Breach, Ponemon Institute LLC, Oct 2011
- 5. © 2014 IBM Corporation Addressing Modern Data Security and Privacy Concerns 5 Data security is becoming a greater executive concern Increasingly, companies are appointing CISOs, CROs and CDOs* with direct lines to the Audit Committee Loss of market share and reputation Legal exposure Audit failure Fines and criminal charges Financial loss Loss of data confidentiality, integrity and/or availability Violation of employee privacy Loss of customer trust Loss of brand reputation CEO CFO/COO CIO CHRO CMO *Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series * Chief Information Security Officer Chief Risk Officer Chief Data Officer C-level officers have varied concerns about data security and privacy.
- 6. © 2014 IBM Corporation Addressing Modern Data Security and Privacy Concerns 6 To protect data, address these key questions Where is the sensitive data? How can sensitive data be protected? What is actually happening? How can we prevent unauthorized activities be prevented? Discovery Classification Identity & Access Management Activity Monitoring Blocking Quarantine Masking/ Encryption Assessment Compliance Reporting & Security Alerts Data Protection & Enforcement Security Policies Access Entitlements 1. Discover 2. Harden 3. Monitor 4. Protect
- 7. © 2014 IBM Corporation Addressing Modern Data Security and Privacy Concerns 7 Build a holistic data security and privacy strategy Big data and traditional environments Data at Rest Configuration Data in Motion Discovery Classification Masking Encryption Vulnerability Assessment Entitlements Reporting Activity Monitoring Dynamic Data Masking 1. Discover 2. Harden 3. Monitor 4. Protect Blocking Quarantine A holistic data security and privacy strategy will: a. prevent data breaches b. ensure data integrity c. reduce cost of compliance d. protect privacy
- 8. © 2014 IBM Corporation Addressing Modern Data Security and Privacy Concerns 8 Four steps to holistic data security and privacy Find & Classify Secure & Monitor Harden Protect & Remain Vigilant Continuously assess database vulnerabilities Monitor authorized access entitlements Centralize reporting Define sensitive data Discover and classify sensitive data Collaborate between business & IT Real-time alerts on configuration changes Preconfigured policies and reports Built-in compliance workflow Automated security policies Enforce change control Mask sensitive data Prevent cyber attacks Encrypt data at rest Best practices based approach aligns people, processes and technology to create a cohesive, coordinated approach to data security 1 2 3 4
- 9. © 2014 IBM Corporation Addressing Modern Data Security and Privacy Concerns 9 Explore further Four steps to a proactive big data security and privacy strategy Comprehensive data protection for physical, virtual and cloud infrastructures Download these free eBooks and get started with your data security and privacy journey
- 10. © 2014 IBM Corporation Addressing Modern Data Security and Privacy Concerns 10 ACT with Confidence