May 14, 2014
One of the best things about big data is that it blows away the last vestiges of yesterday's perimeter- and endpoint-centric security paradigms. And about time: Half of all intrusions are detected at least 243 days after the attacker burrows in, says Mandiant's "Attack the Security Gap" report. Your network perimeter will be breached. Your applications will be breached. Your own employees will -- both wittingly and unwittingly -- violate your information security policies. If the rapid rise of smartphones and tablets didn't bring that into sharp focus, big data will.
Big data means terabytes, petabytes, and exabytes of data in all sorts of formats, getting transferred into many new and different software packages -- many of which treat security as a secondary or tertiary requirement. Big data also means the business wants up-to-the-hour (or more frequent) results, so forget about that iron-fisted control IT had over traditional data warehouse/business intelligence models. Any IT department that tries to hold to the security paradigms of 10, or even five, years ago will go the way of the slide-rule salesman. If you can't adapt, you aren't needed.
Security today is more difficult to navigate, it's more expensive, and there will be breaches no matter what we do. From a policy and budget perspective, the introduction of big data into an organization may be a tipping point for full adoption of modern security practices. It's time to get started. (S7940614)