A data-centric approach to security is an urgent necessity as cloud computing enables ever-increasing volumes of data to be accessed with ease by multiple parties, industry executives said.
As individuals make an increasing amount of information about themselves available on a plethora of social platforms that also tie into online commerce, and businesses seek to profit from this rich source of information about consumer behavior, who gets to see what and how is a huge headache that IT executives face.
“With this whole SMAC thing, data has kind of exploded all over the place; it’s no longer within the bounds of the organization ... obviously, security has to become data-centric, no doubt about it,” said Parag Deodhar, chief risk officer at Bharti AXA General Insurance Company.
Through 2016, eight out of 10 businesses will not have a comprehensive data security policy, according to research firm Gartner.
"Businesses have traditionally managed data within structured and unstructured silos, driven by inherent requirements to deploy relational database management systems, file storage systems and unstructured file shares," said Brian Lowans, principal research analyst at Gartner.
Read more about big data
"However, the advent of big data and cloud storage environments is transforming the way in which data is stored, accessed and processed, and CISOs need to develop a data-centric security approach,” Lowans said.
Executives such as Deodhar at Bharti AXA are taking this very seriously, having already rolled out data-flow analyses, implemented data-loss prevention tools and considered data-rights management.
The multiplicity of the tools is also part of the problem Deodhar said, echoing Gartner’s view: “I’ve yet to see one (comprehensive) tool,” he said.
“The vendors, the existing platforms that they have, are getting remodelled or repositioned as data-centric security, but frankly to me, it’s nothing but existing tools that are being called so ... whether it is cloud security or database.”
Earl Perkins, research vice-president at Gartner added: "The market has so far failed to offer CISOs the data-centric audit and protection (DCAP) products they need to operate across all silos with consistency."
The use of different tools for each silo is complicating the implementation of any business-wide data security plans due to different functionalities, network architectures and data repositories, Perkins said.
From a big data analytics perspective, while enterprise data is growing, Pradeep Janakiraman, former vice-president of engineering at Crayon Data, a big data analytics company that was recently named to the top five list of the Watson Mobile Developer Challenge, said: “That is not the elephant in the room”.
“The real big data is user-generated data, social data and data generated by machines, such as logs ... and that kind of data is huge,” added Janakiraman, who now works as an industry consultant on data security and compliance.
AXA’s Deodhar said: "Today, customers are accessing websites of various businesses; if they use their smartphones, there is a lot of data that is being captured, and that is getting into the big data platforms for analytics for marketing use.
“There is a lot of information now available, including geocodes, geolocations and so on,” he said.
CIOs are under enormous pressure from their business counterparts to find viable ways of using available data about their consumers to boost growth and profitability. What this implies is a “blending” of moving large amounts of extra-enterprise data from social platforms into the enterprise, and moving some internal enterprise data onto the cloud, Janakiraman said.
“So people have to take a data-centric approach,” he added.
Gartner’s Lowans said that this will also force business unit heads to get accustomed to working much more closely with technology heads responsible for data security.