For those expecting a Terminator-esque diatribe warning you about the evils of ‘machine’ autonomy you’re in the wrong place. For a security professional, I am perhaps the least suspicious and prone-to-conspiracy person I know. Even my Sister and Brother-in-law are worse, but they are a lawyer and Scottish respectively so their paranoia is expected.
After reading Daniel Burrus’s articles ‘Big Data Is Already Producing Big Results‘ and ‘Create an Integrated Big Data Strategy To Increase Sales Now‘ it occurred to me that while Big Data has no place in security beyond forensics (in my opinion), the security OF the big data itself is critical. So is the integrity and availability of it.
The concept of Confidentiality, Integrity and Availability (CIA) has been around almost as long as I have, but only with the advent of big data and real-time analytics does it truly come into its own.
Everyone trying to sell you something – which is everyone – is looking at big data, or more specifically, how to collect the data in first place, and what to DO with it once they’ve got it.
Scenario: You’re out shopping with your wife when suddenly you are barraged by lingerie offers, as your spending habits over the last few months have been recorded and instantly regurgitated by hopeful vendors. Your wife has no lingerie…
Morality aside, this is a gross invasion of his privacy (loss of confidentiality). Now image if that data was actually inaccurate (loss of integrity), I’m sure his wife would be very understanding, right? As for availability, that’s the vendor’s problem so I don’t care much.
Now, let’s take this even further. In ‘The Internet of Things‘, soon everything from your home security to your dog will be online. Your location, your travel plans, your favourite everything will be known by someone, or someTHING, somewhere. The amount of information being collected is growing, quite literally, exponentially. The trend is also to automate as much as possible, so for example, if no-one’s home, the oven should not be on. Do we really want ALL of these decisions made without human interaction?
I personally love the way things are going. Instant access, always-on, functionality, convenience etc. But I am prepared to pay the price for this, the currency of which is measured in terms of the loss of both my privacy, and potentially, my personal safety. The data is online, if someone really wants it, they can get it, then do things with it I don’t even want to contemplate.
Big Data is not evil, data just is, it’s the use to which the data is put that defines good or bad. Businesses have been very quick off the block to define the profit-making contexts within real-time data analysis, but so far I haven’t seen much in the way determining what’s right and wrong. Or whether or not we even have a choice to take part in it.
The generations born prior to 1990 are most likely the ones holding this trend back, so we’re the one’s who’d better write the policies, and put the checks and balances in place, because the Millennials are too busy posting pictures of their junk.