Majority of Organizations Have Big Data Systems Running; 73% Use Them to Manage Sensitive Information Including PII, Payment Card Data and National Security Intelligence
SANS announced availability of its first survey and research report identifying how often organizations ranging from enterprises to government agencies are utilizing big data systems, what the associated security challenges are, and how risks can be easily mitigated. Sponsored by Cloudera, the leader in enterprise analytic data management powered by Apache Hadoop™, the study was authored by SANS Analyst Barbara Filkins, with SANS Director of Emerging Technologies John Pescatore participating as an advisor.
In Enabling Big Data by Removing Security and Compliance Barriers, it was revealed that 55 percent of respondents were operating big data systems in full production, pilot or proof of concept, and that 28 percent plan to have big data applications deployed within the next two years. Also revealed by the survey were the primary data types respondent organizations are managing in their big data systems, which included personally identifiable information (PII, 73%), employee records (64%), intellectual property (59%), payment card information (53%), national security intelligence data (40%) and more. Additionally, it was shown that organizations are coming under increased compliance pressure, with 83 percent reporting that their big data systems must comply with one or more regulatory standards.
“Today, the world of data security is still relatively new—threat intelligence, traditional security approaches and a focus on managing mobile and cloud resources have generally advanced the state of data security. But until now, a comprehensive look at security as it relates to big data, Hadoop and the many related applications in use hasn’t existed,” said Filkins. “This SANS survey and research report paint a clear picture of how organizations are using big data architectures for real production workloads and what they should be most concerned about, and provide advice on how to reduce risk in existing and future big data environments.”
“The findings of this survey are completely consistent with the use cases Cloudera customers have been deploying for many years,” said Sam Heywood, director, Cloudera Security Center of Excellence in Austin, Texas. “In fact, our customer and partner MasterCard has been operating a PCI-certified enterprise data hub since 2014. Cloudera enables these use cases with continued investments in security, including key acquisitions like encryption and key management vendor Gazzang, and partnering with Intel around project Rhino. This allows Cloudera to offer comprehensive, enterprise-grade compliance-ready security.”
Additional findings revealed key use cases for big data applications, how sensitive data access is managed, how effective respondents' security controls are, and that the C-level should be taking responsibility for data governance and security:
● 54% integrate with existing identity and access management systems to manage sensitive data access and 45% authorize user access based on roles (RBAC)
● 78% of those able to rank security control effectiveness said host-based security technologies were the most effective
● 72% of those able to rank security control effectiveness said network-based security technologies were the most effective
● 40% of those able to rank security control effectiveness said encryption technologies were very effective
● 25% (highest percentage) of respondents said that the CIO and CTO are responsible for big data governance
● 18% (second highest percentage) said that the CSO and CISO are responsible for big data governance
● Less than 5% said system administrators, security administrators and app developers and managers held responsibility
The Enabling Big Data by Removing Security and Compliance Barriers survey and report polled 206 respondents in Q4 2014. In keeping with the SANS membership base, 80 percent of respondents work in technical roles within IT. In the survey, 52 percent had job titles directly related to security; 28 percent held titles indicating a variety of technical and managerial roles. The remaining 20 percent held titles indicating specialties in compliance, incident response and forensics, application development, business unit managers and application owners, and executive management. Industries represented include government, banking and finance, IT, telecom, and healthcare.