The Security of Big Data: An Enterprise Perspective

BIG DATA, CLOUD, SECURITY, AND ODCA USAGE MODELS Ian Lamont BMW AG


Everyone knows that there are risks associated with moving enterprise data to a Cloud, and everyone knows the huge potential that Big Data analytics can bring, especially when using the Cloud, but what happens when these two converge? The presentation will discuss some of the security and privacy challenges associated with Big Data in the Cloud and will present a number of key initiatives that the ODCA has undertaken to support enterprises that wish to take this step. To listen to the webinar based on this presentation with audio, please visit the ODCA BrightTalk channel: https://www.brighttalk.com/webcast/9831/109843


ODCA Big Data and Security Seminar | 2

BIG DATA (WIKIPEDIA)

Big Data is the term for a collection of data sets so large that it becomes difficult to process using hands-on database management tools and processing applications. The challenges include capture, curation, storage, search, sharing, transfer, analysis, and visualisation.


CHALLENGES

• Privacy (particularly in Europe)
- Security
- Valid and fair usage
- Right to be forgotten
- Jurisdiction



BIG DATA SECURITY


PLATFORM SECURITY

• Provider Assurance Usage Model
- Provides standard definitions of Security for Cloud Services
- Bronze, Silver, Gold, and Platinum.
- Mirror internal security levels to external requirements.


NETWORK AND FIREWALL ISOLATION

Network segregation and firewalls are required to protect all assets managed in the cloud. The level of involvement of the cloud provider in the management of firewall rule sets will vary depending on the level of service offered.

Bronze: The firewall rule sets are managed by the cloud provider with no direct involvement of the cloud subscriber.

Silver: The firewall rule sets are managed by the cloud provider with changes advised to the cloud subscriber before implementation. The cloud provider should offer network segmentation between logical tiers.

Gold: The firewall rule sets are managed by the cloud subscriber. The cloud provider retains access to the firewall at the administrator level in order to provide system maintenance. The cloud provider must offer network segmentation between logical tiers and should offer Layer-7 protection to prevent application-level attacks.

Platinum: The cloud provider has no access to firewalls. All admin tasks including rule updates are managed by the cloud subscriber. The cloud provider must offer network segregation between logical tiers and Layer-7 protection to prevent application-level attacks.


VULNERABILITY MANAGEMENT

A vulnerability management process must ensure installation of system and software patches within the targets identified below. The test process must ensure proper function of the patch and compatibility with the actual target systems, with no negative impact on resource utilization (i.e., memory and CPU consumption).

Bronze: Vulnerabilities with a basic Common Vulnerability Scoring System (CVSS) score of greater than 9 (or those rated as High by Microsoft or other vendors) must be patched within 96 hours; all others within 1 month.

Silver: Vulnerabilities with a basic CVSS score of greater than 5 (or those rated as Medium or High by Microsoft or other vendors) must be patched within 96 hours; all others within 1 month.

Gold: Vulnerabilities with a basic CVSS score of greater than 2 (or those rated as Low, Medium, or High by Microsoft or other vendors) must be patched within 96 hours; all others within 1 month.

Platinum: All vulnerabilities must be patched within 24 hours of their release by the vendor.
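
The patch windows on this slide can be checked mechanically against scan findings. The following is an added example, not part of the original presentation or ODCA material; the `Finding` record, the function names and the sample data are constructed, and it assumes that every window starts at the vendor's patch release and that "1 month" means 30 days.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Per tier: CVSS score that must be EXCEEDED, and vendor ratings that also
# trigger the 96-hour window (values from the slide; Platinum handled apart).
FAST_TRACK = {
    "bronze": (9.0, {"high"}),
    "silver": (5.0, {"medium", "high"}),
    "gold": (2.0, {"low", "medium", "high"}),
}
MONTH = timedelta(days=30)  # assumption: the slide does not define "1 month"

@dataclass
class Finding:                      # hypothetical record, one per host and patch
    host: str
    cvss: float
    vendor_rating: str              # "low" / "medium" / "high", "" if unrated
    patch_released: datetime        # assumption: the clock starts here
    patched_at: Optional[datetime]  # None means still unpatched

def patch_window(tier, cvss, vendor_rating=""):
    """Return the allowed time to patch for an assurance tier."""
    tier = tier.lower()
    if tier == "platinum":
        return timedelta(hours=24)
    threshold, ratings = FAST_TRACK[tier]
    # "greater than": a score equal to the threshold stays in the 1-month window
    if cvss > threshold or vendor_rating.lower() in ratings:
        return timedelta(hours=96)
    return MONTH

def sla_breaches(tier, findings, now):
    """Return (host, hours_overdue) for findings patched late or still open late."""
    breaches = []
    for f in findings:
        deadline = f.patch_released + patch_window(tier, f.cvss, f.vendor_rating)
        closed = f.patched_at or now  # open findings are measured against 'now'
        if closed > deadline:
            overdue = (closed - deadline).total_seconds() / 3600
            breaches.append((f.host, round(overdue)))
    return breaches

# Constructed sample findings, all with the same patch release time.
RELEASE = datetime(2024, 3, 1, 9, 0)
SAMPLE = [
    Finding("db01", 9.8, "high", RELEASE, RELEASE + timedelta(hours=120)),
    Finding("web02", 5.0, "", RELEASE, RELEASE + timedelta(days=10)),
    Finding("etl03", 3.1, "low", RELEASE, None),
]
```

Running the same findings through each tier shows how the obligation tightens: the 5.0-scored finding is inside the window at Bronze and Silver but in breach at Gold and Platinum.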


PLATFORM SECURITY


BIG DATA SECURITY


DATA SECURITY

• Encryption
- Data at Rest
- Data in Transit

• Data Masking
- Anonymization and Pseudonymization

• Access Methods
- User type profiling

• Backup, Restore, and Archiving


DATA LIFECYCLE


ACCESS POINTS


DATA FLOW 1


DATA FLOW 2


IDENTITY AND ACCESS MANAGEMENT

• Identity Provisioning
• Governance and Auditing
• Privileged User Access
• Single Sign On


IDM BASIC MODEL


IDM CLOUD MODEL


IDM GOVERNANCE


OTHER ODCA COLLATERAL

• Security Monitoring
• Interoperability
• Guide to
• SaaS Interoperability
• Information as a Service
• also Data Mgmt for Info_aaS
• and much more ……


OTHER PROBLEMS / CHALLENGES !!!

• e-Discovery (UM coming soonish)
• Data Ownership
• plus anything else you can think of!


Standardized Response Checklists

Accelerate TTM

Shared Practices Drive Scale

Streamlined Requirements

Accelerate Adoption

Available to Members at: www.opendatacenteralliance.org

URL for Public content: www.opendatacenteralliance.org

MORE INFORMATION AND ASSETS


Go forth (securely) and Big Data

QUESTIONS

Artist: Thierry Gregorius


Thank you, Kiitos, Merci, Gracias, Danke, Grazie, Arigato Gozaimas

www.opendatacenteralliance.org