Unprecedented opportunities offered by
big data in advance science, health care, economic growth, education, social
interaction and entertainment are being used by business across all these
verticals. However, the underlying risk of data privacy security remains a
major bottleneck in big data era. We have witnessed increasing number of data
breaches in the recent history. The security loop holes in most the data
breaches are evident that we have very little control on the access of this
data especially when it comes to third party sharing. Aggregation and mining of
public data is becoming a common practice among scientists, businesses,
clinicians and even government agencies.
Big data analytics has provided a set of
useful open source tools for data mining and modeling but there is still lack
of effective frameworks and approaches for ensuring security and privacy in
this highly distributed environment. One of the foundation pillars of big data
era is ability to share and mine the data but there is very little focus on
implementing strict security and privacy principals when it comes to third
party data sharing with ever expanding vulnerabilities through these data sets.
In this article, we will discuss some of the key issues related to security and
privacy in this Big Data Era and would also discuss the SMW (Secure Medical
Workspace) for controlled data access.
KEY
ISSUES:
- · Increasing data with increasing security vulnerabilities.
- · Incapable existing solutions to protect data.
- · Need of new Approaches to protect data
ANALYSIS
OF ISSUES:
Increasing data
with increasing security vulnerabilities:
We have witnessed a huge increase in big
data accessibility in recent years. Some of this aggregated data is available
for public use by government agencies. Increasing computing capabilities
provided by modern computing solutions are making it possible to extract and
mine massive data sets. For instance, surveillance programs by national
security Administration (NSA) are collecting massive amounts of data through
data intensive programs. With Utah data center opening, these efforts are
anticipated to grow at significant rate. The center’s computation goal is to
achieve computing capability to the level of exaflop by 2018. This growth is
not limited a government agencies but private businesses, hospitals and
researchers are also at the forefront of data collection and mining by
utilizing the power of computing. The major security concern with this practice
lies in data sharing with third parties. There is very little or no control of
the data once it has gone out of the premises of original data collection
agencies.
Large scale data
collection and sharing is common place with inadequate frameworks to ensure
security and privacy of this confidential data. Lack of adequate training and
understanding of data security and privacy has led to this situation. Security
and privacy concerns are thereby increasing at the same rate of data growth. Incidents
of data hacking have become more dangerous due to availability of these massive
data sets. Therefore, data leakage has become more alarming than ever before.
For instance, data hacking of Utah’s department of health databases in March
2012 led to loss of personal data from 780,000 patients with over 280,000
records of social security numbers.
With more and
more businesses engaging in third party use of sharing personal information,
security and privacy issues are anticipated to grow.
Incapable
existing solutions to protect data:
We
have seen tremendous increasing big data analytics tools, both open source and
proprietary. However, we have not seen enough frameworks and tools to ensure
security and privacy in this changing era, which is centered on data sharing.
Existing and traditional solutions to data leakage are highly incapable to deal
with the situation. We still see lot of oral or written pledges to protect
against data breaches even the NSA relies on oral pledges, which are not
effective if the motivation to leak data is stronger than the motivation to
protect it. Passwords and authorize access remains at the top when it comes to
data security and privacy. Effective password policies couple with strong
password guidelines and expiration policy, has remained one of the most useful
tool to protect against data breaches.
Even though, passwords can provide a good layer of security against
unauthorized access but password are prone to hacking even with strongest
password reset procedures in place. We have witnessed the underlying vulnerabilities
in password in recent years. Multifactor authentication provides a better
approach over the simple password authentication where user requires a password
as well as some sort of physical identification method such as finger print
etc.
However, all these traditional
approaches fail to consider the fact that what happens in an intensive data
sharing environment once the data has been delivered to third party. The
question is who own the responsibility to protect the data in this highly
distributed era of big data? There needs to be new security policies and
frameworks in place.
Need of new
Approaches to protect data:
As
discussed above, traditional approaches and frameworks cannot guarantee a
solidified approach to data privacy and security. Data leakage associated with
confidential and sensitive information requires that data security and privacy
is maintained at all the levels in big data hierarchy. Given the fact that data
needs to be shared among entities, it becomes increasingly important to
restrict the data access through a virtualized environment. Data Leakage
prevention technology provides one such solution. Through DLP, data packets are
inspected by location and file classification. However, it becomes too
stringent for bother end users and IT staff. Also, it does not protect against
accidental or intentional data leakage.
SMW(
Secure Medical Workspace), developed by RENCI and university of North Carolina
provides an effective solution to data leakage. Originally designed for
protecting patient data,this framework can be generalized to other business
problems.
SMW allows
approved requesters with access to required data on a secure virtual workspace
coupled with ability to prevent data sharing. SMW technological features
include;
·
Two Factor Authentication for gaining
access to SMW
·
Virtualization technology to provide
access to required data.
·
Preconfigured virtual machine images to
implement security policies.
·
Encryption techniques for data in motion
and data at rest.
·
IT management capabilities
CONCLUSION:
With the increasing applications are
data analytics, the privacy and security concerns around data are only going to
increase in the future. It is true that security frameworks and tools need to
be revisited periodically to ensure up to date security policies. However, in this
data centric era, it is not only important to update the security frameworks
but also devise new methods to ensure security and privacy. Recent data
breaches are evident that we need to improve on security and privacy
frameworks. We can no longer wait for the breach to happen in order to identify
the possible problem with the framework. Industry needs more research in the
area of security and privacy to ensure that we don’t lose our fundamental right
of privacy in this modern era. Traditional approaches limited to verbal or
written agreements and two factor authentications does not provide solid
framework to handle security issue related to third parties. The existing
policies at workplace need to be customized or re devised, if required to deal
with the situation. We have 100 times more information present in these huge
data sets, which were not easily available to accessible a decade ago. These
huge datasets contains both confidential and sensitive information for
significant large number people/entities. One single breach to these huge
datasets leads to lose of data sensitive data for all these people/entities. It
is true that we have seen very useful applications around data in big data
world, which are continuously improving the way we live our life and how
business make better decisions but we cannot ignore the fact of possible loss
due to unauthorized access to this data. Moreover, any practices which involve
in uninformed data collection and sharing need to be tackled in the most
appropriate way so that we don’t lose our fundamental right of privacy. All the
big market players employ data mining practices to derive insights from the
collected data. Target marketing, one of the major areas of data analytics, is
one such example of how user activity is being tracked and used by e businesses
without any notable user agreement and consensus. We not only need to ensure
the data security and unauthorized data access from data hackers but we also
need some effective procedures to ensure the collection and mining of data in
the ethical manner without sacrificing the privacy of concerned entities.
We have seen continuous evolvement of
security technologies as additional vulnerabilities are realized by the
anticipated or past data breaches. However, with huge amount of data provided
by these massive data sets, we have more at stake and we need to be proactive
to ensure the level of security in Big Data era.
References: http://www.renci.org/wp-content/uploads/2014/02/0213WhitePaper-SMW.pdf
This is so nice blog.
ReplyDeleteInformation Security Projects For Final Year