What will big data mean for information security?

One factor that many businesses will have to consider closely when adopting big data analytics policies will be how they ensure the data they collect is protected.

With organisations hugely increasing the amount of personal information they have on their customers, they will become tempting targets for cybercriminals. And as hacking techniques and malware have become much more sophisticated in recent years, IT security professionals are facing a fast-evolving arms race with the criminals.

It was noted by Information Age that the risks of ignoring this can be significant. Data breaches can seriously harm a company's reputation among customers, as well as leaving them open to legal repercussions – and the perils could be particularly great for businesses that have embraced big data.

The publication explained: "Big data contains a major amount of information that can lead to the identification of individual users – this means that a primary concern of big data usage is the privacy of users, but also that the consequences of a breach can be even more destructive than usual."

Therefore, it will be vital for organisations to take steps to achieve a balance between keeping information secure and making it available for in-depth analysis, so that it provides value to a business.

Information Age highlighted several factors and best practices that companies must consider when looking to protect their data. For instance, it noted that the importance of effectively anonymising information cannot be overlooked.

This needs to be completed to a standard acceptable to all parties, so anything that might be able to identify an individual is removed. But this is just the start, as just erasing unique identifiers does not guarantee the data will remain unidentified.

The next step will be effective encryption of the information, it was stated. This is one of the most secure ways of protecting data, but it does come with its own problems – particularly if firms are taking advantage of cloud computing for their data storage and processing.

Information Age explained that data sent to the cloud typically cannot be encrypted, in case the cloud needs to perform operations over the data. However, there are ways around this, such as using Fully Homomorphic Encryption (FHE).

"FHE is a way to sidestep the problem," the publication said. "With FHE, cloud data is capable of performing operations over encrypted data, resulting in the creation of new encrypted data."

Another step that must be taken if companies are using the cloud is establishing exactly who owns the information in question. At the same time, clear access controls must be defined and a 'trust boundary' needs to be determined between data owners and storage providers.

Companies also need to pay close attention to the software they are using to analyse their data. Information Age said that tools like Hadoop do not require any user authentication when left in their default settings. 

This can create major problems by exposing data to any unauthorised user that is able to gain access to a system, so it will be vital for organisations to delve into their software's settings to ensure some form of authentication is enabled.