Wikipedia describes big data as: “…a collection of data sets so large and complex that it becomes difficult to process using on-hand database management tools or traditional data processing applications.”
So why complicate the already difficult concept of developing an effective security program with a huge lump of data you can neither store, nor put to good use yourself?
I’m not against big data per se; there are some very relevant areas where it’s actually required: weather forecasting, social analytics, brain mapping, economics etc., but in security? I don’t think so.
Security must be simple to be effective, and less is almost always more. Good security is baselined, whitelisted, known good and so on; big data can only be effective when your end goal remains somewhat static. I very much doubt either the bad guys, or your business, will stay still long enough to put the results of the big data mining efforts to good effect.
Also, and I’m far from being a conspiracy theorist (I’m just not suspicious enough), but I can’t help but think the ones who really benefit are those who already have the storage, the bandwidth, and the existing data mining tools to make it effective, AND are looking for more business. Security must begin with a business need, then a requirement for specific functionality; it is not falling for a sales pitch or a perceived competitive edge based on the latest buzz-phrase.
Instead of trying to understand your security posture with big data, consider the following:
- What kind of sensitive or business relevant data do you have?
- Where is it?
- Which applications or people access this data?
- Do you REALLY need all of the data you have?
- Is your EXISTING security programme as effective as it could be?
If you don’t know the answer to ALL of these questions, you should start there. This doesn’t even qualify for ‘You can’t manage what you can’t measure.’, this is ‘You can’t protect what you don’t even know you have.’
Maybe, years down the road, when your security programme is a well-oiled machine, and your Governance department is the paragon of business-to-IT communications, then, and only then, should you consider something as advanced as this. Though I seriously doubt it even then.