Big Data and cloud computing are now firmly established concepts in the IT world. Businesses of all sizes understand that Big Data delivers insights that were previously difficult to get from the large stores of complex data that they collect each day. Organizations know that the cloud provides scalability, cost-efficiency, and flexibility.
However, what is equally important in a Big Data and cloud computing landscape is that security does not remain an afterthought. Consider for a moment the following security breaches, each of which took place in public or private cloud computing systems:
Financial behemoth Dow Jones implemented lackadaisical user access settings for its data stored in Amazon S3, resulting in the exposure of millions of customer details in 2017.
In the same year, the Republican party of the United States stored personal voter data for 198 million Americans on an unsecured AWS Amazon S3 server.
U.S. telecommunications giant Verizon also implemented weak user access controls for its data stored in the cloud, compromising 14 million customer records, including phone numbers and PIN codes.
JPMorgan Chase had its stored details on 83 million customers exposed in 2014 when hackers gained access to a server that didn’t have two-factor authentication.
The incidents highlighted above all arose from a similar trend—companies being in such a rush to implement cloud computing and Big Data solutions that they took a careless approach to security. When security becomes an afterthought, the potential for disaster increases drastically.
For 2018, it’s vital that your business considers the following six security concerns and takes appropriate preventative measures. When adopting cloud computing, or Big Data analytics solutions distributed across a range of environments, security must become a top priority.
1. Securing Trusted Environments
Big Data use is not restricted to the cloud—many organizations, particularly large companies, run Hadoop or NoSQL databases in trusted internal environments. While such environments are useful for combating external security threats, it’s vital to take measures to protect against insider attacks.
After all, it just takes one unhappy employee with access to a server to gain access to a company’s sensitive information and use that information to damage its reputation. However, complicity is not actually required for a successful insider attack, as the case of JPMorgan showed, when an employee’s stolen login credentials were enough to gain access to a server.
Securing trusted environments should incorporate techniques such as anomaly detection, in which an employee’s baseline interactions with Big Data systems are established, and any abnormal behavior such as accessing new directories can trigger alerts for closer scrutiny of such employees. It’s also advisable to use two-factor authentication for access to all servers and systems containing sensitive data.
2. Data Loss & Cloud Backups
It’s imperative to create data backups in on-premise systems because data security does not solely revolve around malicious threats: good data security also protects data from corruption or loss. However, it’s just as important to back up data stored in the cloud, because, after all, cloud computers are still vulnerable to natural disasters or cloud provider errors that result in potential data loss.
Software services exist, for example, that can create AWS snapshots automatically, making the whole cloud backup process extremely simple. If you use any AWS service, such as Amazon EC2 instances to run cloud applications, you can create AWS snapshots, allowing for easy disaster recovery and smooth business continuity. Similar third-party services exist for backing up data stored in other cloud provider systems.
3. Sufficient Access Management
Reading through the examples highlighted at the beginning of this article, you’ll have noticed that most serious breaches in the cloud occur due to incorrect identity/access management. Weak access configurations increase the probability of more successful attacks in addition to increasing the chances of data breaches due to employee errors.
Organizations must enforce a principle of least privileges for employees to minimize the potential damage a compromised account can do. Furthermore, any good identity and access management system must allow IT administrators to manage users across all enterprise systems, both cloud and on-premises, in a consistent, visible, and scalable manner.
4. Performing Due Diligence
Enterprises adopting Big Data and cloud computing because everyone else is doing it face the risk of adopting at such speed that they fail to perform due diligence on their chosen cloud providers.
By not jumping in the deep end, enterprises can examine and evaluate a range of cloud and Big Data solutions and vendors with a checklist of criteria, on which security must prominently feature.
5. Combating API Vulnerabilities
This particular challenge centers on the cloud vendors rather than the users of cloud services. Since cloud providers expose APIs to their users, allowing them to interact with the cloud provider’s services, the vendor has a responsibility to ensure their APIs are secure. Consistent scanning for and fixing of API vulnerabilities will remain a huge factor in the continued success of cloud computing.
6. Security Automation
Cloud adoption and the Big Data economy present a huge challenge for IT staff in continuously tracking data to identify, categorize, and protect highly sensitive information, such as personally identifiable information (PII), personal health information (PHI), and intellectual property.
Modern solutions leveraging innovative technologies such as machine learning can become stalwarts of the cloud computing security landscape by automating the typically labor-intensive task of understanding where sensitive data is stored and the methods used to access it. Such automated security solutions can even monitor the sensitive data and send alerts when suspicious usage patterns are detected, saving real headaches for IT security personnel.
While cloud computing and Big Data offer many positive benefits, they also present some unique security challenges. The truth is that cloud systems are much more secure now than at any point in time, and they continue to become more secure as adoption increases.
However, security is a two-way street, and the users of cloud computing platforms and Big Data systems have just as much of a role to play in data security as the vendors. By taking specific steps, such as to create AWS snapshots for disaster recovery, and following broader guidelines, like performing due diligence, enterprises can ensure the continued security of their data, regardless of the systems on which it’s processed, stored, and analyzed.