Everyone knows that there are risks associated with moving enterprise data to a Cloud, and everyone knows the huge potential that the analytics of Big Data can bring, especially when using the Cloud. But what happens when these two converge?
The presentation will discuss some of the security and privacy challenges associated with Big Data in the Cloud and will present a number of key initiatives that the ODCA has undertaken to support enterprises that wish to take this step. To listen to the webinar based on this presentation with audio, please visit the ODCA BrightTalk channel: https://www.brighttalk.com/webcast/9831/109843
The Security of Big Data: An Enterprise Perspective
1. BIG DATA, CLOUD, SECURITY, AND ODCA
USAGE MODELS
Ian Lamont
BMW AG
2. ODCA Big Data and Security Seminar | 2
BIG DATA (WIKIPEDIA)
Big Data is the term for a collection of data sets so large that it becomes difficult to process using hands-on database management tools and processing applications. The challenges include capture, curation, storage, search, sharing, transfer, analysis, and visualisation.
3. ODCA Big Data and Security Seminar | 3
CHALLENGES
• Privacy (particularly in Europe)
• Security
• Valid and fair usage
• Right to be forgotten
• Jurisdiction
5. ODCA Big Data and Security Seminar | 5
BIG DATA SECURITY
6. ODCA Big Data and Security Seminar | 6
PLATFORM SECURITY
• Provider Assurance Usage Model
  • Provides standard definitions of Security for Cloud Services
  • Bronze, Silver, Gold, and Platinum.
  • Mirror internal security levels to external requirements.
7. ODCA Big Data and Security Seminar | 7
NETWORK AND FIREWALL ISOLATION
Network segregation and firewalls are required to protect all assets managed in the cloud. The level of involvement of the cloud provider in the management of firewall rule sets will vary depending on the level of service offered.
• Bronze: The firewall rule sets are managed by the cloud provider with no direct involvement of the cloud subscriber.
• Silver: The firewall rule sets are managed by the cloud provider with changes advised to the cloud subscriber before implementation. The cloud provider should offer network segmentation between logical tiers.
• Gold: The firewall rule sets are managed by the cloud subscriber. The cloud provider retains access to the firewall at the administrator level in order to provide system maintenance. The cloud provider must offer network segmentation between logical tiers and should offer Layer-7 protection to prevent application-level attacks.
• Platinum: The cloud provider has no access to firewalls. All admin tasks including rule updates are managed by the cloud subscriber. The cloud provider must offer network segregation between logical tiers and Layer-7 protection to prevent application-level attacks.
8. ODCA Big Data and Security Seminar | 8
VULNERABILITY MANAGEMENT
A vulnerability management process must ensure installation of system and software patches within the targets identified below. The test process must ensure proper function of the patch and compatibility with the actual target systems, with no negative impact on resource utilization (i.e., memory and CPU consumption).
• Bronze: Vulnerabilities with a Common Vulnerability Scoring System (CVSS) base score of greater than 9 (or those rated as High by Microsoft or other vendors) must be patched within 96 hours; all others within 1 month.
• Silver: Vulnerabilities with a CVSS base score of greater than 5 (or those rated as Medium or High by Microsoft or other vendors) must be patched within 96 hours; all others within 1 month.
• Gold: Vulnerabilities with a CVSS base score of greater than 2 (or those rated as Low, Medium, or High by Microsoft or other vendors) must be patched within 96 hours; all others within 1 month.
• Platinum: All vulnerabilities must be patched within 24 hours of their release by the vendor.
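The patch targets above can be checked mechanically against a findings list. The following is an added example, not ODCA material: the field names and sample findings are constructed, the clock is assumed to start at vendor release for every tier, and "1 month" is read as 30 days.

```python
from datetime import datetime, timedelta

# Fast-track triggers per tier, as stated on the slide:
# (CVSS score that must be exceeded, vendor ratings that also qualify).
FAST_TRACK = {
    "bronze": (9.0, {"high"}),
    "silver": (5.0, {"medium", "high"}),
    "gold": (2.0, {"low", "medium", "high"}),
}
FAST = timedelta(hours=96)
SLOW = timedelta(days=30)        # assumption: "1 month" read as 30 days
PLATINUM = timedelta(hours=24)


def patch_deadline(tier, released, cvss=None, vendor_rating=None):
    """Latest acceptable patch time; clock start at vendor release is assumed."""
    tier = tier.lower()
    if tier == "platinum":
        return released + PLATINUM
    threshold, ratings = FAST_TRACK[tier]
    # "Greater than" is strict: a score equal to the threshold is not fast-track.
    urgent = (cvss is not None and cvss > threshold) or \
        (vendor_rating or "").lower() in ratings
    return released + (FAST if urgent else SLOW)


def sla_breaches(tier, findings, now):
    """Ids of findings patched late, or still open past their deadline."""
    late = []
    for f in findings:
        deadline = patch_deadline(tier, f["released"], f.get("cvss"),
                                  f.get("vendor_rating"))
        done = f.get("patched_at") or now   # open findings are judged at `now`
        if done > deadline:
            late.append(f["id"])
    return late


# Constructed sample findings (ids, scores and dates are illustrative only).
T0 = datetime(2024, 1, 1)
FINDINGS = [
    {"id": "A", "released": T0, "cvss": 9.8, "patched_at": datetime(2024, 1, 4, 12)},
    {"id": "B", "released": T0, "cvss": 9.0},
    {"id": "C", "released": T0, "cvss": 4.0, "vendor_rating": "High",
     "patched_at": datetime(2024, 1, 6)},
    {"id": "D", "released": T0, "cvss": 1.5},
]

if __name__ == "__main__":
    for tier in ("bronze", "silver", "gold", "platinum"):
        print(tier, sla_breaches(tier, FINDINGS, now=datetime(2024, 1, 10)))
```

Finding B shows the boundary case: a score of exactly 9 is not "greater than 9", so it falls under the 1-month target at Bronze but the 96-hour target at Silver and Gold.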
9. ODCA Big Data and Security Seminar | 9
PLATFORM SECURITY
10. ODCA Big Data and Security Seminar | 10
BIG DATA SECURITY
11. ODCA Big Data and Security Seminar | 11
DATA SECURITY
• Encryption
  • Data at Rest
  • Data in Transit
• Data Masking
  • Anonymization and Pseudonymization
• Access Methods
  • User type profiling
• Backup, Restore, and Archiving
12. ODCA Big Data and Security Seminar | 12
DATA LIFECYCLE
13. ODCA Big Data and Security Seminar | 13
ACCESS POINTS
16. ODCA Big Data and Security Seminar | 16
IDENTITY AND ACCESS MANAGEMENT
• Identity Provisioning
• Governance and Auditing
• Privileged User Access
• Single Sign On
17. ODCA Big Data and Security Seminar | 17
IDM BASIC MODEL
18. ODCA Big Data and Security Seminar | 18
IDM CLOUD MODEL
19. ODCA Big Data and Security Seminar | 19
IDM GOVERNANCE
20. ODCA Big Data and Security Seminar | 20
OTHER ODCA COLLATERAL
• Security Monitoring
• Interoperability
• Guide to
• SaaS Interoperability
• Information as a Service
• also Data Mgmt for Info_aaS
• and much more ……
21. ODCA Big Data and Security Seminar | 21
OTHER PROBLEMS / CHALLENGES !!!
• e-Discovery (UM coming soonish)
• Data Ownership
• plus anything else you can think of !
22. ODCA Big Data and Security Seminar | 22
MORE INFORMATION AND ASSETS
• Standardized Response Checklists: Accelerate TTM
• Shared Practices: Drive Scale
• Streamlined Requirements: Accelerate Adoption
Available to Members at: www.opendatacenteralliance.org
URL for Public content: www.opendatacenteralliance.org
23. ODCA Big Data and Security Seminar | 23
Go forth (securely) and Big Data
QUESTIONS
Artist: Thierry Gregorius
24. ODCA Big Data and Security Seminar | 24
www.opendatacenteralliance.org