Big Data Security Management
Handbook of Research
on Trends and Future
Directions in Big Data and
Web Intelligence
Noor Zaman
King Faisal University, Saudi Arabia
Mohamed Elhassan Seliaman
King Faisal University, Saudi Arabia
Mohd Fadzil Hassan
Universiti Teknologi PETRONAS, Malaysia
Fausto Pedro Garcia Marquez
Campus Universitario s/n ETSII of Ciudad Real, Spain
A volume in the Advances in Data Mining and
Database Management (ADMDM) Book Series
Managing Director:
Managing Editor:
Director of Intellectual Property & Contracts:
Acquisitions Editor:
Production Editor:
Development Editor:
Cover Design:
Lindsay Johnston
Keith Greenberg
Jan Travers
Kayla Wolfe
Christina Henning
Caitlyn Martin
Jason Mull
Published in the United States of America by
Information Science Reference (an imprint of IGI Global)
701 E. Chocolate Avenue
Hershey PA, USA 17033
Tel: 717-533-8845
Fax: 717-533-8661
E-mail: cust@igi-global.com
Web site: http://www.igi-global.com
Copyright © 2015 by IGI Global. All rights reserved. No part of this publication may be reproduced, stored or distributed in
any form or by any means, electronic or mechanical, including photocopying, without written permission from the publisher.
Product or company names used in this set are for identification purposes only. Inclusion of the names of the products or
companies does not indicate a claim of ownership by IGI Global of the trademark or registered trademark.
Library of Congress Cataloging-in-Publication Data
Handbook of research on trends and future directions in big data and web intelligence / Noor Zaman, Mohamed Elhassan
Seliaman, Mohd Fadzil Hassan, and Fausto Pedro Garcia Marquez, editors.
pages cm
Includes bibliographical references and index.
ISBN 978-1-4666-8505-5 (hardcover) -- ISBN 978-1-4666-8506-2 (ebook) 1. Big data. 2. Cloud computing. 3. Natural
language processing. I. Zaman, Noor, 1972- editor.
QA76.9.D32H36 2015
005.7--dc23
2015010287
This book is published in the IGI Global book series Advances in Data Mining and Database Management (ADMDM)
(ISSN: 2327-1981; eISSN: 2327-199X)
British Cataloguing in Publication Data
A Cataloguing in Publication record for this book is available from the British Library.
All work contributed to this book is new, previously-unpublished material. The views expressed in this book are those of the
authors, but not necessarily of the publisher.
For electronic access to this publication, please contact: eresources@igi-global.com.
53
Chapter 3
Big Data Security Management
Zaiyong Tang
Salem State University, USA
Youqin Pan
Salem State University, USA
ABSTRACT
Big data is a buzzword today, and security of big data is a big concern. Traditional security standards
and technologies cannot scale up to deliver reliable and efective security solutions in the big data environment. This chapter covers big data security management from concepts to real-world issues. By
identifying and laying out the major challenges, industry trends, legal and regulatory environments,
security principles, security management frameworks, security maturity model, big data analytics in
solving security problems, current research results, and future research issues, this chapter provides
researchers and practitioners with a timely reference and guidance in securing big data processing,
management, and applications.
INTRODUCTION
Big Data has become an entrenched part of discussions of new development in information technology,
businesses, governments, markets, and societies in recent years. It has inspired noteworthy excitement
about the potential opportunities that may come from the study, research, analysis, and application of
big data. However, accompanying those enticing opportunities and prospective rewards, there are significant challenges and substantial risks associated with big data. One of the biggest challenges for big
data is increased security risk.
Security for big data is magnified by the volume, variety, and velocity of big data. With the proliferation of the Internet and the Web, pervasive computing, mobile commerce, and large scale cloud
infrastructures, today’s data are coming from diverse sources and formats, at a dynamic speed, and in
high volume. Traditional security measures are developed for clean, structured, static, and relatively low
volume of data. Undeniably, big data presents huge challenges in maintaining the integrity, confidentiality, and availability of essential data and information.
DOI: 10.4018/978-1-4666-8505-5.ch003
Copyright © 2015, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Big Data Security Management
At the same time as big data is gaining momentum in the networked economy, security attacks are
on the rise. Security perpetrators are becoming more sophisticated, wide-spread, and organized. As
businesses and other organizations are moving towards a more open, user-centric, agile, and hyper connected environment that fosters intelligence, communication, innovation, and collaboration, attackers
are eager to exploit the intrinsic vulnerabilities that come with open and dynamic systems. Since big
data are generated by those systems, and newly developed big data infrastructures such as NoSQL databases, cloud storage, and cloud computing have not been thoroughly scrutinized for their capability of
safeguarding data resources, information security presents a formidable challenge to big data adaptation
and management.
By identifying and laying out the major challenges, issues, industry trends, framework, maturity model,
and fundamental principles of big data security, this chapter will provide researchers and practitioners
with a timely reference and guideline in securing big data processing, management, and applications.
BACKGROUND
Big Data is generally considered to have three defining characteristics: volume, variety and velocity
(Zikopoulos, et al. 2012). When at least one of the dimensions is significantly high, the data is labeled
big. Traditional techniques and technologies are not sufficient to handle big data. With the enormous
size, speed, and/or multiplicity, big data processing requires a set of new forms of technologies and approaches to achieve effective decision support, insight discovery, and process optimization (Lancy, 2001).
Although the three V’s of big data definition has wide acceptance, recently, there have been attempts
to expand the dimension of big data to include value and veracity (Demchenko, et al., 2013). The value
dimension of big data deals with drawing inferences and testing hypothesis, and the veracity dimension
is about authenticity, accountability, availability, and trustworthiness. Some researchers (e.g., Biehn,
2013) have suggested adding value and viability to the three V’s.
Although big data has been discussed for over a decade since 2000, interest in big data has only experienced significant growth in the last few years. Figure 1 shows the Google search interest for the search
term “Big Data” from January 2004 to June 2014. The figure does not show actual search volume. The
y axis represents search interest relative to the highest point, with the highest point being scaled to100.
For more historical information about big data, the reader is referred to Press (2013), which documents
the history of big data that dates back to the 1940s.
Soon after the interest in big data has gained significance, the search interest in big data security and
big data privacy has also experienced remarkable growth. Figure 2 shows the Google search interest
for the search term “Big Data Security” (top line) and “Big Data Privacy” (bottom line) from January
2011 to June 2014.
In order to clearly articulate, define, and build the big data ecosystem, there has been a concerted
effort to develop big data architecture by both standard organizations such as National Institute of Standards and Technology (NIST) and major information technology companies such as IBM, Microsoft, and
Oracle. Demchenko et al. (2013) consolidated previous models of big data architectures and proposed
a Big Data Architecture Framework. This framework consists five key components of the big data ecosystem: Data Models, Big Data Management, Big Data Analytics and Tools, Big Data Infrastructure,
54
Big Data Security Management
Figure 1. Big Data Web Search Interest, January 2004 – June 2014
Source: Google Trends
Figure 2. Big Data Security/Privacy Web Search Interest, January 2011 – June 2014
Source: Google Trends
and Big Data Security. Data model defines the type and structure of data. Big data management deals
with the planning, monitoring, and managing the big data life cycle. Big data infrastructure consists
hardware, software, and technology services (often cloud based), including security infrastructure that
establish access control, confidentiality, trust, privacy, and quality of service. Big data security goes
55
Big Data Security Management
beyond the security infrastructure to provide security lifecycle management, security governance, policy
and enforcement, fraud detection and prevention, risk analysis and mitigation, and federated access and
delivery infrastructure for cooperation and service integration. A more specific security framework was
proposed by Zhao et al. (2014) for big data computing across distributed cloud data centers.
BIG DATA SECURITY MANAGEMENT
The complexity resulting from the five dimensions (5 V’s) of big data makes the management of big
data more challenging than traditional database or knowledge base management. Major challenges in
handling big data include storage challenge, which must deal with increased size, cost, and scalability
requirements; network challenge, which involves the accessibility, reliability, and security of obtaining and
sharing data with both internal constituents as well as external customers, suppliers, and other partners;
data integrity challenge, which necessitates data authentication, validation, consistency checking, and
backup; and metadata challenges, which requires the establishment of data ontologies and data governance.
The NIST defines information security as “The protection of information and information systems
from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide
confidentiality, integrity, and availability.” (NIST, 2013)
Although security and privacy principles for traditional data can be applied to big data, hence many
of the existing security technologies and best practices can be extended to the big data ecosystem, the
different characteristics of big data require modified approaches to meet the new challenges to effective
big data management. There are several areas in which big data faces different or higher risk than traditional data. Higher volume translates into higher risk of exposure when security breach occurs. More
variety means new types of data and more complex security measure. Increased data velocity implies
added pressure for security measures to keep up with the dynamics and faster response/recovery time.
Most organizations are just starting to embrace big data, thus the big data governance and security
policy are likely not at a high level of maturity, which is also a reflection of the immaturity of the big
data industry and bid data ecosystem.
Security and Privacy Legal Requirements
Big data as a relative new paradigm needs new laws and regulations to safeguard security and privacy. In
general, the legal system is still immature and unbalanced in the global environment. The United States
and the European Union have a number of laws regarding information privacy and security. Those in
the US include the Privacy Act of 1974, The Privacy Protection Act (PPA) of 1978, The Health Insurance Portability and Accountability Act (HIPPA) of 1996, The Children’s Online Privacy Protection Act
(COPPA) of 1998, The Children’s Internet Protection Act (CIPA) of 2001, The Electronic communications
Privacy Act (ECPA) of 1986, and The Federal Information Security Management Act (FISMA) of 2002.
In Europe, the United Kingdom passed the Data Protection Act (DPA) in 1998. The law regulates data
processing on personal identifiable information (PII). The European Union adopted The Data Protection
Directive in 1995, which governs personal data processing within the European Union. The European
Union Internet Privacy Law was ratified in 2002. A new security and privacy law, The European General
Data Protection Regulation, was drafted in 2012, which supersedes the Data Protection Directive. The
Federal Assembly of the Swiss Confederation passed the Federal Act on Data Protection (FADP) in 1992.
56
Big Data Security Management
The Privacy and Data Security Law Deskbook (Sotto, 2013) provides coverage of major International laws of information security and privacy, including United States, European Union, Australia,
and Singapore. The book offers practical guidance and explanation of different aspects of security and
privacy issues in different legal environments, and serves as a comprehensive guide on international
security and privacy topics. For new developments and general information about changes in privacy
and security, the Privacy and Information Security Law Blog provides current coverage of global privacy
and cybersecurity law updates and analysis.
Big Data Security Challenges
Security has become an increasing concern as more and more people are connected to the global network
economy. According to the Internet Live Stats website, the number of worldwide Internet users is approaching three billions (Internet Users). There has never been a lack of security attacks, from the early
days of telephone phracker to modern time cyber criminals. As the big data increases in volume, speed,
and variety, the likelihood that data breach is expected to increase significantly. Recently, it is estimated
that the average security breaches results in a loss of $40 million for American companies (Rowe, 2012).
Symantec, an Internet security firm, estimated that the worldwide cybercrime cost is over $100 billion
more than the cost of illegal drug market.
The 2014 first quarter IBM X-Force Threat Intelligence Quarterly report (IBM, 2014) states that
attackers seeking for valuable data will spare no effort in looking for security vulnerability. They will
devise new tools or revitalize old techniques to break the security defense system. IBM X-Force Research
actively conducts security monitoring and analysis of global security issues. It has built a database of
more than 76,000 computer security vulnerabilities. Cloud Security Alliance (2013a) publishes anneal
top security threats in cloud computing.
Figure 3 shows the most common attack types based on data collected in 2013. Undisclosed attack
involves those either using nascent tools/techniques or those were not identified by the intrusion detection
Figure 3. Most Common Attack Types in 2013
Source: IBM X-Force Threat Intelligence Quarterly (2014)
57
Big Data Security Management
system. The most common attack among those known types is the distributed denial of service (DDoS)
attack. SQL injection is a code injection technique targeting databases or data-driven applications. Watering hole is a computer attack method first described by the RSA security firm in 2012. This attack aims
at a particular group of organizations and penetrates the group via infecting some group members who
frequent certain targeted websites. Cross-site scripting is used by attackers to inject client-side scripts
into Web pages visited by website users. Malicious activities can be carried out through the injected
client-site scripts. Phishing is commonly used by attackers masquerading as a trustworthy entity to gain
access to personal information such as username, passwords, and/or credit card data. A targeted phishing
attack directed at specific individuals or organizations is referred to as spear phishing.
The volume of data continues to grow exponentially, the majority of big data is unstructured. Those
unstructured data must be formatted and processed using big data technologies such as Hadoop. Unfortunately, Hadoop was not developed with enterprise applications and security in the blue print. It
was designed to format large volume of unstructured data such as those available on publicly accessible
websites. The original purpose did not include security, privacy, encryption, and risk management.
Organizations using Hadoop clusters must implement additional enterprise security measures such as
access control and data encryption. As Hadoop has become a widely adopted technology in the enterprise big data applications, its insufficiency in enterprise security must be recognized. A new unified
security model for big data is needed.
Traditional data security technologies were developed around databases or data centers that typically
have a single physical location, while big data is typically in distributed, large scale clusters. For example,
a Hadoop cluster may consist of hundreds or thousands of nodes. As a result, traditional backup, recovery,
and security technologies and systems are not effective in big data environment.
Big data is a new paradigm in data science and data applications. New security measures are needed
to protect, access, and manage big data. Comprehensive security policies and procedures need to expend
from structured data in traditional databases and data warehouses to the new big data environment.
Sensitive data needs to be flagged, encrypted, and redacted in NoSQL databases, and their access needs
to be granularly controlled. All access to those data by either users or applications needs to be logged
and reported.
The Big Data Working Group of the Cloud Security Alliance (2013) listed the top ten security and
privacy challenges for big data. Those ten challenges are organized into four categories of the big data
ecosystem: 1) Infrastructure Security, 2) Data Privacy, 3) Data Management, and 4) Integrity and Reactive Security. Note that the top ten challenges were developed based on a list of high priority security
and privacy problems identified by Could Security Alliance members and security trade journals. The
big data working group then studied published solutions and selected those problems without established
or effective solutions.
Big Data Security Framework
There are several security frameworks that have been adopted, such as NIST Cybersecurity Framework,
Control Objectives for Information and Related Technology (COBIT), and the information security
management system (ISMS) established by the International Standards Organization (ISO 27000). A
security framework establishes principles, guidelines, standards, and a set of preferred practices for
58
Big Data Security Management
Table 1. Top Ten Big Data Security and Privacy Challenges
Big Data Challenge
Use Case Example
Secure computations in distributed programming
frameworks
Prevent untrusted mappers from snooping on requests or alter scripts/results.
Security best practices for non-relational data
stores
Migrate from traditional relational databases to NoSQL databases that are more
suitable to process large volume dynamic data.
Secure data storage and transactions logs
Adopt an auto-tier storage system which prioritizes data storage by putting less
utilized data to a lower tier.
End-point input validation/filtering
Develop effective algorithms to validate input data from diverse and dynamic data
sources
Real-time security monitoring
Implement real-time security analytics that support real-time monitoring, querying,
and decision making.
Scalable and composable privacy-preserving
data mining and analytics
Improve scalable privacy-preserving data mining algorithms and prevent untrusted
user from accessing sensitive data.
Cryptographically enforced data centric security
Design innovative techniques to index, analyze, and process encrypted data with
diverse sources. Maintain data confidentiality and integrity
Granular access control
Establish access control at a granular scale so that individual user roles and
responsibilities can be set to access only authorized data, functions, or services
Granular audits
Update auditing with extended scope and granularity for real-time security and
meeting compliance requirements
Data provenance
Keep track of metadata of data creation to support effective digital forensic and
compliance auditing
(Adopted from Cloud Security Alliance, 2013b)
organizations to analyze, plan, design, and implement security information systems. ISO 27000 is the
only framework that organizations can adopt and being certified by a third party once the set of standards
such as security policy, asset management, cryptography, access control are satisfied.
The ISO 27000 consists a series of standards. Disterer (2013) discussed the ISO/IEC 27000, 27001
and 27002 for information security management, and concluded that The ISO 27000, 27001 and 27002
standards can serve as a framework to design and operate an information security management system.
Those standards have been widely disseminated in Europe and Asia. It is expected that the adaptation
of standards-based security framework will increase significantly in the future due the rising challenges
in in information security and privacy.
The ISO 27000 standard was developed in 2009 and continues to evolve to meet the new challenges
in the security industry (ISO 27000, 2009, 2012, 2014). Plan-Do-Check-Act, the classic quality management framework for the control and continuous improvement, forms the basis for security management
in ISO 2700. Although the current ISO 27000 standard does not provide specific provisions for big data
security, we expect that future versions will add this important coverage.
Figure 4 shows a general big data security management (BDSM) framework we adopted from the
Plan-Do-Check-Act Deming cycle. The Design/Planning phase defines, identifies, and evaluates security
risk, and develop appropriate policies, procedures, control, and measure according to desired security
level. This phase also includes a security modeling that builds a threat model and lays out strategies for
most security/privacy breach scenarios. The design blueprint will be turned into operational systems at
the implementation phase. The operation phase delivers the desired functions and services with security
and privacy protection and compliance to laws and regulations. The monitoring and auditing phase mea-
59
Big Data Security Management
Figure 4. Big Data Security Management Framework
sures key performance indicators against designed objectives and provides feedback and performance
reports. The deficiencies identified at the monitoring stage will be used as input for big data security
system redesign, quality control, and continuous improvement.
Successful adoption of a security management framework is critical in helping organizations to identify and assess information security risks, apply suitable controls, adequately protect information assets
against security breaches, and to achieve and maintain regulatory compliance. The ISO 27000 stipulates
that information security management framework must deliver the following desirable outcomes (ISO/
IEC 27000, 3rd Ed., 2014):
1.
2.
3.
4.
5.
Meeting the security requirements of all stake holders;
Advancing the organization’s security/privacy plans and activities;
Achieving the organization’s information security/privacy objectives;
Compliance to laws, regulations, and industry mandates;
Facilitating continuous improvement towards achieving organizational goals.
Demchenko, Ngo, and Membrey (2013) proposed a big data security framework that focuses on data
centric security. The key components in their framework consist of security lifecycle, granular access
control, encryption enforced access control, trusted environment, and federated access and delivery infrastructure (FADI) for cooperation and services integration. The critical success factors to successful
adaptation and implementation of the framework include security policy and procedures that are aligned
with organizational security objectives, commitment from management and stakeholders, information
security awareness, training and education, security incident management, business continuity plan, and
monitoring and feedback.
60
Big Data Security Management
Big Data Security Principles
Cavoukian (2013) has developed a widely recognized framework for information privacy—Privacy by
Design. The central theme of Privacy by Design is that in the age of big data, privacy cannot be assured
just by compliance with laws and regulations. Privacy must be ingrained in organizational design, and
hence becoming the default mode of operation. The seven principles of privacy proposed by Cavoukian
can be readily modified and adopted for big data security. We propose nine foundational principles for
big data security:
1.
2.
3.
4.
5.
6.
7.
8.
9.
Preventative and proactive security;
Security by default—minimal access privilege;
Security embedded into design and operation;
Defense in depth;
End-to-end security;
Visibility and transparency for trustworthiness;
User-centric;
Real-time monitoring;
Accountability and traceability.
Protective measures or subsystems consist of deterrence, avoidance, prevention, mitigation, detection, response, recovery, and correction should be part of the big data security management system. The
big data security best practices suggested by the Association for Data-driven Marketing & Advertising
(ADMA, 2013) include the following:
1.
2.
3.
4.
5.
Implementation of end-to-end security measures;
Implementation of encryption and key management protocols and systems;
Implementation of layered security;
Assessment and implementation of vulnerability penetration testing;
Clear communication of security policies and the consequences for non-compliance.
Big Data Security Maturity Model
A useful approach for assessing organization’s preparedness for big data security is a big data security
maturity model. The idea of a maturity model is popularized by the Software Engineering Institute (SEI)
at Carnegie Mellon University after they proposed the Capability Maturity Model (Paulk, et al., 1995).
The classic capacity maturity model has five level: initial, repeatable, defined, managed, and optimizing.
According to ESI, the software development predictability, effectiveness, and manageability improve as
the organization moves up the maturity levels. The capacity maturity model has been adopted in various
fields other than software development. For example, business process maturity model, risk maturity
model, privacy maturity model, etc.
Figure 5 shows a bid data security management maturity model we adopted from the capacity maturity
model. Along the maturity spectrum, at the very beginning, Nonexistent, there is no awareness of big data
security risk and challenges. In the Initial stage, the organization has recognized the importance of big
data security management in the face of big data security challenges. It is the starting point of deploying
61
Big Data Security Management
Figure 5. Big Data Security Management Maturity Model
new or undocumented processes. This stage is characterized by ad hoc, or even chaotic approaches and
unpredictable results. In the Developing stage, a broad assessment of big data security risk is carried out
and certain key areas have implemented, and big data security processes documented. At the Defined
level, the big data security processes are standardized and imbedded in routing business operations. At
the Managed level, performance metrics are established and big data security processes are measured
against the performance metrics and continuous improvement is embedded into the operations. Finally,
at the Optimizing level, big data security processes are fine-tuned to achieve optimal results, delivering
the highest level of security within the resource constraints.
Big Data for Security Industry
Although there are many challenges in big data management and applications, there are also many opportunities presented by big data that lead to new discoveries, insights, and innovative applications. In the
security industry, big data analytics has helped organizations to proactively identify and predict security
attacks (Hipgrave, 2013). With the advancement of big data analytics, organizations will be able to collect
and analyze large volume of data from various unstructured data sources such as email, social media,
e-commerce transactions, bulletin boards, surveillance video feeds, Internet traffic, etc. Forward-looking
organizations are moving beyond traditional security measures to safeguard their coveted information
assets. Big data security monitoring and analytical tools can be a valuable aid to security professionals
and law enforcement in their fighting against cyber criminals. An example of such an application is to
analyze data in confluence and in motion to detect cyber fraud/attack before serious damage occurs.
Big data security should not be an afterthought, even though the security industry is often playing catch
up with the perpetrators. Those organizations that adopt big data security framework and follow big data
security principles will be able to take advantage of big data analytics and be able to predict, detect, act,
respond, and recover quickly from security breaches. Once the organization reaches sufficient big data
security maturity level, it will be in a solid position to fight against all known security attacks. It is even
possible that the organization is able to anticipate and mitigate new/unforeseen threats. Common big data
analytics applications in security and public safety include crime analysis, computational criminology,
terrorism informatics, open-source intelligence, and cyber security (Chen, Chiang, and Storey, 2012).
62
Big Data Security Management
RESEARCH ISSUES AND DIRECTIONS
Big data security is of great interest to security practitioners as well as academic researchers. Many believe
that we have entered the era of big data that offers enormous opportunities for transforming data science
and data driven research and applications. With the advancement of big data technologies, infrastructure,
data mining, business intelligence, and big data analytics, researchers and business analysts are able to
gain more insights about big data security challenges, risk assessment and mitigation, and be able to
develop more effective business solutions (Chang, Kauffman, and Kwon, 2014).
However, we are still at the ground level of big data paradigm shift. There are still many unsolved
issues in big data security management. Most traditional security tools and technologies do not scale
and perform well in big data environments. Substantial effort is needed to develop a holistic and robust
big data security ecosystem. Some pioneering work has been done (Demchenko, Ngo, and Membrey,
2013; Disterer, 2013). However, there are still lingering questions such as: Is cloud computing the right
infrastructure to support big data storage and processing? Is the architectural flexibility of NoSQL databases amenable to trustworthy big data security? How can we trust big data that come from a variety
of untrusted input sources? Will big data “usher in a new wave of privacy incursions and invasive marketing”? (Boyd and Crawford, 2012) How do we balance the need for big data security and usability?
It is important for security professionals, regulatory bodies, law enforcement, and big data service
providers as well as users to keep in mind, while we try to address those questions, big data security
continues to evolve as the five V’s of the big data ecosystem are constantly changing and increasing.
More and more people will be involved with big data research and development, services, applications,
and consumptions. No doubt that the number of people interested in exploiting the big data with malicious intent is also increasing.
As discussed in the previous section, there are many challenges in big data security and privacy. Here
we list some key research issues facing big data researchers and practitioners:
1.
2.
3.
4.
5.
6.
7.
Robust security standards designed and developed for big data from the ground up. The lack of
established security standards has resulted in some vendors involved with big data systems such
as NoSQL solutions to develop ad-hoc security measures.
Built-in security at the granular level. This has the potential to allow security control and management with surgical precision.
A big data security architecture that provides a security framework to integrate diverse security
technologies that are available today, but do not work coherently together. Rather than piecemeal
and separate solutions, we need a holistic approach to deal with current and emergent security
threats.
Continue the development of the big data ecosystem, of which big data security is a key component. Security should be deep-rooted in all aspects of the big date lifecycle, that includes sourcing,
storage, process, analysis, and delivery of results to targeted applications.
Reshape the cloud infrastructure for better big data security and trustworthiness, in order to alleviate the concern that big data security and privacy are cloudy in the cloud.
Continue the promising research in addressing information technology/system security problems
using big data and big data analytics.
Real-time big data security analytics that integrates natural and artificial intelligence for advanced
security threat analysis, prediction, detection, tracking, and response.
63
Big Data Security Management
CONCLUSION
It is evident that big data is with us today and it is going to have a significant impact on governments,
businesses, societies, and individuals in the future. As we embrace the opportunities brought by big
data, we must also be keenly aware of the security challenges associated with big data infrastructure and
applications. In this chapter, we explored the concepts of big data security, presented big data security
management frameworks, summarized big data security challenges, identified big data security principles, and suggested a big data security maturity model. Furthermore, we discussed the application of
big data analytics in solving security related problems.
Although big data security is immature today, we believe, with concerted effort from industries,
governments, academicians, and practitioners, big data security will improve over time to meet those
challenges discussed in this chapter. Similar to the case of Internet security, which is an afterthought when
the need for security became critical and evident. The initial Internet architecture had little consideration
for security and privacy. However, as Internet and the World-wide Web grew exponentially in the 1990s,
multi-layer Internet security protocols were developed and those security standards helped facilitating
the growth of the Internet and Internet applications. We are optimistic that big data security will follow
a similar path. This chapter provides basic concepts, principles, challenges, and current issues of big
data security. We hope it serves as a launching pad for advancing big data security research in the future.
REFERENCES
ADMA. (2013). Best Practice Guideline: Big Data. A guide to maximising customer engagement opportunities through the development of responsible Big Data strategies. Retrieved from: http://www.
adma.com.au
Biehn, N. (2013). The Missing V’s in Big Data: Viability and Value. WIRED.com Retrieved from: http://
www.wired.com/insights/2013/05/the-missing-vs-in-big-data-viability-and-value/
Boyd, D., & Crawford, K. (2012). Critical Questions for Big Data: Provocations for a Cultural, Technological, and Scholarly Phenomenon. Information Communication and Society, 15(5), 662–675. doi:
10.1080/1369118X.2012.678878
Cavoukian, A. (2013). Big Privacy: Bridging Big Data and the Personal Data Ecosystem Through Privacy by Design. Retrieved from http://www.privacybydesign.ca/
Chang, R. M., Kauffman, R. J., & Kwon, Y. (2014). Understanding the paradigm shift to computational social science in the presence of big data. Decision Support Systems, 63, 6780. doi:10.1016/j.
dss.2013.08.008
Chen, H., Chiang, R. H., & Storey, V. C. (2012). Business Intelligence and Analytics: From Big Data
to Big Impact. Management Information Systems Quarterly, 36(4), 1165–1188.
Cloud Security Alliance. (2013a). The Notorious Nine Cloud Computing Top Threats in 2013. Retrieved from
https://cloudsecurityalliance.org/download/the-notorious-nine-cloud-computing-top-threats-in-2013/
64
Big Data Security Management
Cloud Security Alliance. (2013b). Expanded Top Ten Big Data Security and Privacy Challenges. Big
Data Working Group. Retrieved from https://cloudsecurityalliance.org/research/big-data/
COBIT. (n.d.). Retrieved from https://cobitonline.isaca.org/
NIST Cybersecurity Framework. (n.d.). Retrieved from http://www.nist.gov/cyberframework/
Demchenko, Y., Grosso, P., de Laat, C., & Membrey, P. (2013). Addressing big data issues in Scientific
Data Infrastructure. In Proceedings of the International Conference on Collaboration Technologies and
Systems (CTS). IEEE. doi:10.1109/CTS.2013.6567203
Demchenko, Y., Ngo, C., & Membrey, P. (2013). Architecture Framework and Components for the Big
Data Ecosystem. Retrieved from http://www.uazone.org/demch/worksinprogress/sne-2013-02-techreportbdaf-draft02.pdf
Disterer, G. (2013). ISO/IEC 27000, 27001 and 27002 for Information Security Management. Journal
of Information Security, 4(2), 92–100. doi:10.4236/jis.2013.42011
Gartner Group. (2012). Gartner Says Big Data Creates Big Jobs: 4.4 Million IT Jobs Globally to Support Big Data By 2015. Retrieved from http://www.gartner.com/newsroom/id/2207915
Google Trends. (n.d.). Retrieved from http://www.google.com/trends/
Hipgrave, S. (2013). Smarter fraud investigations with big data analytics. Network Security, 2013(12),
7–9. doi:10.1016/S1353-4858(13)70135-1
IBM. (2014). IBM X-Force Threat Intelligence Quarterly, IBM Security Systems. First Quarter 2014.
Retrieved from: http://www-03.ibm.com/security/xforce/
Internet Users. (n.d.). Retrieved from http://www.internetlivestats.com/internet-users/
ISO 27000. (2009, 2012, 2014). Information Technology, Security Techniques, Information Security
Management Systems, Overview and Vocabulary. International Organization for Standardization ISO,
Geneva. Retrieved from: http://www.iso27001security.com/html/27000.html
ISO 27000. (n.d.). Retrieved from http://www.27000.org/
Laney, D. (2001). 3D Data Management: Controlling Data Volume, Velocity, and Variety. Gartner
Group. Retrieved from: http://blogs.gartner.com/doug-laney/files/2012/01/ad949-3D-Data-ManagementControlling-Data-Volume-Velocity-and-Variety.pdf
Laney, D. (2012). Deja VVVu: Others Claiming Gartner’s Construct for Big Data. Gartner Group.
Retrieved from: http://blogs.gartner.com/doug-laney/deja-vvvue-others-claiming-gartners-volumevelocity-variety-construct-for-big-data/
MacDonald, N. (2012). Information Security Is Becoming a Big Data Analytics Problem. Gartner Report.
Retrieved from https://www.gartner.com/doc/1960615/information-security-big-data-analytics
NIST. (2013). Glossary of Key Information Security Terms, NISTIR 7298, Revision 2. Retrieved from:
http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf
65
Big Data Security Management
Paulk, M. C., Weber, C. V., Curtis, B., & Chrissis, M. B. (1995). The Capability Maturity Model: Guidelines
for Improving the Software Process. SEI series in software engineering. Reading, MA: Addison-Wesley.
Press, G. (2013). A Very Short History of Big Data. Forbes Magazine. Retrieved from: http://www.
forbes.com/sites/gilpress/2013/05/09/a-very-short-history-of-big-data/
Privacy and Information Security Law Blog. (n.d.). Retrieved from https://www.huntonprivacyblog.com/
Rowe, N. (2012). The Big Data Imperative: Why Information Governance Must be Addressed. Aberdeen
Group Research Report.
Shmueli, G., & Koppius, O. R. (2011). Predictive Analytics in Information Systems Research. Management Information Systems Quarterly, 35(3), 553–572.
Sotto, L. J. (2013). Privacy and Data Security Law Deskbook. Frederick, MD: Aspen Publishers.
Zhao, J., Wang, L., Tao, J., Chen, J., Sun, W., Ranjan, R., & Georgakopoulos, D. et al. (2014). A security framework in G-Hadoop for big data computing across distributed Cloud data centres. Journal of
Computer and System Sciences, 80(5), 994–1007. doi:10.1016/j.jcss.2014.02.006
Zikopoulos, P. C., Eaton, C., deRoos, D., Deutsch, T., & Lapis, C. (2012). Understanding big data –
Analytics for enterprise class Hadoop and streaming data. New York, NY: McGraw Hill.
KEY TERMS AND DEFINITIONS
Big Data: Unstructured date with five characteristics: volume, velocity, variety, veracity, and value.
Big Data Security: The protection of big data from unauthorized access and ensure big data confidentiality, integrity, and availability.
Big Data Security Framework: A framework designed to help organizations to identify, assess,
control, and manage big data security and maintain regulatory compliance.
Big Data Security Maturity Model: A multi-level model used to help organizations to articulate
where they stand in the spectrum of big date security, from nonexistent to optimality.
Privacy: An individual’s right to safeguard personal information in accordance with law and regulations.
Security: A state of preparedness against threats to the integrity of the organization and its information resources.
Security Attack: An attempt to gain unauthorized access to information resource or services, or to
cause harm or damage to information systems.
66
on Trends and Future
Directions in Big Data and
Web Intelligence
Noor Zaman
King Faisal University, Saudi Arabia
Mohamed Elhassan Seliaman
King Faisal University, Saudi Arabia
Mohd Fadzil Hassan
Universiti Teknologi PETRONAS, Malaysia
Fausto Pedro Garcia Marquez
Campus Universitario s/n ETSII of Ciudad Real, Spain
A volume in the Advances in Data Mining and
Database Management (ADMDM) Book Series
Managing Director:
Managing Editor:
Director of Intellectual Property & Contracts:
Acquisitions Editor:
Production Editor:
Development Editor:
Cover Design:
Lindsay Johnston
Keith Greenberg
Jan Travers
Kayla Wolfe
Christina Henning
Caitlyn Martin
Jason Mull
Published in the United States of America by
Information Science Reference (an imprint of IGI Global)
701 E. Chocolate Avenue
Hershey PA, USA 17033
Tel: 717-533-8845
Fax: 717-533-8661
E-mail: cust@igi-global.com
Web site: http://www.igi-global.com
Copyright © 2015 by IGI Global. All rights reserved. No part of this publication may be reproduced, stored or distributed in
any form or by any means, electronic or mechanical, including photocopying, without written permission from the publisher.
Product or company names used in this set are for identification purposes only. Inclusion of the names of the products or
companies does not indicate a claim of ownership by IGI Global of the trademark or registered trademark.
Library of Congress Cataloging-in-Publication Data
Handbook of research on trends and future directions in big data and web intelligence / Noor Zaman, Mohamed Elhassan
Seliaman, Mohd Fadzil Hassan, and Fausto Pedro Garcia Marquez, editors.
pages cm
Includes bibliographical references and index.
ISBN 978-1-4666-8505-5 (hardcover) -- ISBN 978-1-4666-8506-2 (ebook) 1. Big data. 2. Cloud computing. 3. Natural
language processing. I. Zaman, Noor, 1972- editor.
QA76.9.D32H36 2015
005.7--dc23
2015010287
This book is published in the IGI Global book series Advances in Data Mining and Database Management (ADMDM)
(ISSN: 2327-1981; eISSN: 2327-199X)
British Cataloguing in Publication Data
A Cataloguing in Publication record for this book is available from the British Library.
All work contributed to this book is new, previously-unpublished material. The views expressed in this book are those of the
authors, but not necessarily of the publisher.
For electronic access to this publication, please contact: eresources@igi-global.com.
53
Chapter 3
Big Data Security Management
Zaiyong Tang
Salem State University, USA
Youqin Pan
Salem State University, USA
ABSTRACT
Big data is a buzzword today, and security of big data is a big concern. Traditional security standards
and technologies cannot scale up to deliver reliable and efective security solutions in the big data environment. This chapter covers big data security management from concepts to real-world issues. By
identifying and laying out the major challenges, industry trends, legal and regulatory environments,
security principles, security management frameworks, security maturity model, big data analytics in
solving security problems, current research results, and future research issues, this chapter provides
researchers and practitioners with a timely reference and guidance in securing big data processing,
management, and applications.
INTRODUCTION
Big Data has become an entrenched part of discussions of new development in information technology,
businesses, governments, markets, and societies in recent years. It has inspired noteworthy excitement
about the potential opportunities that may come from the study, research, analysis, and application of
big data. However, accompanying those enticing opportunities and prospective rewards, there are significant challenges and substantial risks associated with big data. One of the biggest challenges for big
data is increased security risk.
Security for big data is magnified by the volume, variety, and velocity of big data. With the proliferation of the Internet and the Web, pervasive computing, mobile commerce, and large scale cloud
infrastructures, today’s data are coming from diverse sources and formats, at a dynamic speed, and in
high volume. Traditional security measures are developed for clean, structured, static, and relatively low
volume of data. Undeniably, big data presents huge challenges in maintaining the integrity, confidentiality, and availability of essential data and information.
DOI: 10.4018/978-1-4666-8505-5.ch003
Copyright © 2015, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Big Data Security Management
At the same time as big data is gaining momentum in the networked economy, security attacks are
on the rise. Security perpetrators are becoming more sophisticated, wide-spread, and organized. As
businesses and other organizations are moving towards a more open, user-centric, agile, and hyper connected environment that fosters intelligence, communication, innovation, and collaboration, attackers
are eager to exploit the intrinsic vulnerabilities that come with open and dynamic systems. Since big
data are generated by those systems, and newly developed big data infrastructures such as NoSQL databases, cloud storage, and cloud computing have not been thoroughly scrutinized for their capability of
safeguarding data resources, information security presents a formidable challenge to big data adaptation
and management.
By identifying and laying out the major challenges, issues, industry trends, framework, maturity model,
and fundamental principles of big data security, this chapter will provide researchers and practitioners
with a timely reference and guideline in securing big data processing, management, and applications.
BACKGROUND
Big Data is generally considered to have three defining characteristics: volume, variety and velocity
(Zikopoulos, et al. 2012). When at least one of the dimensions is significantly high, the data is labeled
big. Traditional techniques and technologies are not sufficient to handle big data. With the enormous
size, speed, and/or multiplicity, big data processing requires a set of new forms of technologies and approaches to achieve effective decision support, insight discovery, and process optimization (Lancy, 2001).
Although the three V’s of big data definition has wide acceptance, recently, there have been attempts
to expand the dimension of big data to include value and veracity (Demchenko, et al., 2013). The value
dimension of big data deals with drawing inferences and testing hypothesis, and the veracity dimension
is about authenticity, accountability, availability, and trustworthiness. Some researchers (e.g., Biehn,
2013) have suggested adding value and viability to the three V’s.
Although big data has been discussed for over a decade since 2000, interest in big data has only experienced significant growth in the last few years. Figure 1 shows the Google search interest for the search
term “Big Data” from January 2004 to June 2014. The figure does not show actual search volume. The
y axis represents search interest relative to the highest point, with the highest point being scaled to100.
For more historical information about big data, the reader is referred to Press (2013), which documents
the history of big data that dates back to the 1940s.
Soon after the interest in big data has gained significance, the search interest in big data security and
big data privacy has also experienced remarkable growth. Figure 2 shows the Google search interest
for the search term “Big Data Security” (top line) and “Big Data Privacy” (bottom line) from January
2011 to June 2014.
In order to clearly articulate, define, and build the big data ecosystem, there has been a concerted
effort to develop big data architecture by both standard organizations such as National Institute of Standards and Technology (NIST) and major information technology companies such as IBM, Microsoft, and
Oracle. Demchenko et al. (2013) consolidated previous models of big data architectures and proposed
a Big Data Architecture Framework. This framework consists five key components of the big data ecosystem: Data Models, Big Data Management, Big Data Analytics and Tools, Big Data Infrastructure,
54
Big Data Security Management
Figure 1. Big Data Web Search Interest, January 2004 – June 2014
Source: Google Trends
Figure 2. Big Data Security/Privacy Web Search Interest, January 2011 – June 2014
Source: Google Trends
and Big Data Security. Data model defines the type and structure of data. Big data management deals
with the planning, monitoring, and managing the big data life cycle. Big data infrastructure consists
hardware, software, and technology services (often cloud based), including security infrastructure that
establish access control, confidentiality, trust, privacy, and quality of service. Big data security goes
55
Big Data Security Management
beyond the security infrastructure to provide security lifecycle management, security governance, policy
and enforcement, fraud detection and prevention, risk analysis and mitigation, and federated access and
delivery infrastructure for cooperation and service integration. A more specific security framework was
proposed by Zhao et al. (2014) for big data computing across distributed cloud data centers.
BIG DATA SECURITY MANAGEMENT
The complexity resulting from the five dimensions (5 V’s) of big data makes the management of big
data more challenging than traditional database or knowledge base management. Major challenges in
handling big data include storage challenge, which must deal with increased size, cost, and scalability
requirements; network challenge, which involves the accessibility, reliability, and security of obtaining and
sharing data with both internal constituents as well as external customers, suppliers, and other partners;
data integrity challenge, which necessitates data authentication, validation, consistency checking, and
backup; and metadata challenges, which requires the establishment of data ontologies and data governance.
The NIST defines information security as “The protection of information and information systems
from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide
confidentiality, integrity, and availability.” (NIST, 2013)
Although security and privacy principles for traditional data can be applied to big data, hence many
of the existing security technologies and best practices can be extended to the big data ecosystem, the
different characteristics of big data require modified approaches to meet the new challenges to effective
big data management. There are several areas in which big data faces different or higher risk than traditional data. Higher volume translates into higher risk of exposure when security breach occurs. More
variety means new types of data and more complex security measure. Increased data velocity implies
added pressure for security measures to keep up with the dynamics and faster response/recovery time.
Most organizations are just starting to embrace big data, thus the big data governance and security
policy are likely not at a high level of maturity, which is also a reflection of the immaturity of the big
data industry and bid data ecosystem.
Security and Privacy Legal Requirements
Big data as a relative new paradigm needs new laws and regulations to safeguard security and privacy. In
general, the legal system is still immature and unbalanced in the global environment. The United States
and the European Union have a number of laws regarding information privacy and security. Those in
the US include the Privacy Act of 1974, The Privacy Protection Act (PPA) of 1978, The Health Insurance Portability and Accountability Act (HIPPA) of 1996, The Children’s Online Privacy Protection Act
(COPPA) of 1998, The Children’s Internet Protection Act (CIPA) of 2001, The Electronic communications
Privacy Act (ECPA) of 1986, and The Federal Information Security Management Act (FISMA) of 2002.
In Europe, the United Kingdom passed the Data Protection Act (DPA) in 1998. The law regulates data
processing on personal identifiable information (PII). The European Union adopted The Data Protection
Directive in 1995, which governs personal data processing within the European Union. The European
Union Internet Privacy Law was ratified in 2002. A new security and privacy law, The European General
Data Protection Regulation, was drafted in 2012, which supersedes the Data Protection Directive. The
Federal Assembly of the Swiss Confederation passed the Federal Act on Data Protection (FADP) in 1992.
56
Big Data Security Management
The Privacy and Data Security Law Deskbook (Sotto, 2013) provides coverage of major International laws of information security and privacy, including United States, European Union, Australia,
and Singapore. The book offers practical guidance and explanation of different aspects of security and
privacy issues in different legal environments, and serves as a comprehensive guide on international
security and privacy topics. For new developments and general information about changes in privacy
and security, the Privacy and Information Security Law Blog provides current coverage of global privacy
and cybersecurity law updates and analysis.
Big Data Security Challenges
Security has become an increasing concern as more and more people are connected to the global network
economy. According to the Internet Live Stats website, the number of worldwide Internet users is approaching three billions (Internet Users). There has never been a lack of security attacks, from the early
days of telephone phracker to modern time cyber criminals. As the big data increases in volume, speed,
and variety, the likelihood that data breach is expected to increase significantly. Recently, it is estimated
that the average security breaches results in a loss of $40 million for American companies (Rowe, 2012).
Symantec, an Internet security firm, estimated that the worldwide cybercrime cost is over $100 billion
more than the cost of illegal drug market.
The 2014 first quarter IBM X-Force Threat Intelligence Quarterly report (IBM, 2014) states that
attackers seeking for valuable data will spare no effort in looking for security vulnerability. They will
devise new tools or revitalize old techniques to break the security defense system. IBM X-Force Research
actively conducts security monitoring and analysis of global security issues. It has built a database of
more than 76,000 computer security vulnerabilities. Cloud Security Alliance (2013a) publishes anneal
top security threats in cloud computing.
Figure 3 shows the most common attack types based on data collected in 2013. Undisclosed attack
involves those either using nascent tools/techniques or those were not identified by the intrusion detection
Figure 3. Most Common Attack Types in 2013
Source: IBM X-Force Threat Intelligence Quarterly (2014)
57
Big Data Security Management
system. The most common attack among those known types is the distributed denial of service (DDoS)
attack. SQL injection is a code injection technique targeting databases or data-driven applications. Watering hole is a computer attack method first described by the RSA security firm in 2012. This attack aims
at a particular group of organizations and penetrates the group via infecting some group members who
frequent certain targeted websites. Cross-site scripting is used by attackers to inject client-side scripts
into Web pages visited by website users. Malicious activities can be carried out through the injected
client-site scripts. Phishing is commonly used by attackers masquerading as a trustworthy entity to gain
access to personal information such as username, passwords, and/or credit card data. A targeted phishing
attack directed at specific individuals or organizations is referred to as spear phishing.
The volume of data continues to grow exponentially, the majority of big data is unstructured. Those
unstructured data must be formatted and processed using big data technologies such as Hadoop. Unfortunately, Hadoop was not developed with enterprise applications and security in the blue print. It
was designed to format large volume of unstructured data such as those available on publicly accessible
websites. The original purpose did not include security, privacy, encryption, and risk management.
Organizations using Hadoop clusters must implement additional enterprise security measures such as
access control and data encryption. As Hadoop has become a widely adopted technology in the enterprise big data applications, its insufficiency in enterprise security must be recognized. A new unified
security model for big data is needed.
Traditional data security technologies were developed around databases or data centers that typically
have a single physical location, while big data is typically in distributed, large scale clusters. For example,
a Hadoop cluster may consist of hundreds or thousands of nodes. As a result, traditional backup, recovery,
and security technologies and systems are not effective in big data environment.
Big data is a new paradigm in data science and data applications. New security measures are needed
to protect, access, and manage big data. Comprehensive security policies and procedures need to expend
from structured data in traditional databases and data warehouses to the new big data environment.
Sensitive data needs to be flagged, encrypted, and redacted in NoSQL databases, and their access needs
to be granularly controlled. All access to those data by either users or applications needs to be logged
and reported.
The Big Data Working Group of the Cloud Security Alliance (2013) listed the top ten security and
privacy challenges for big data. Those ten challenges are organized into four categories of the big data
ecosystem: 1) Infrastructure Security, 2) Data Privacy, 3) Data Management, and 4) Integrity and Reactive Security. Note that the top ten challenges were developed based on a list of high priority security
and privacy problems identified by Could Security Alliance members and security trade journals. The
big data working group then studied published solutions and selected those problems without established
or effective solutions.
Big Data Security Framework
There are several security frameworks that have been adopted, such as NIST Cybersecurity Framework,
Control Objectives for Information and Related Technology (COBIT), and the information security
management system (ISMS) established by the International Standards Organization (ISO 27000). A
security framework establishes principles, guidelines, standards, and a set of preferred practices for
58
Big Data Security Management
Table 1. Top Ten Big Data Security and Privacy Challenges
Big Data Challenge
Use Case Example
Secure computations in distributed programming
frameworks
Prevent untrusted mappers from snooping on requests or alter scripts/results.
Security best practices for non-relational data
stores
Migrate from traditional relational databases to NoSQL databases that are more
suitable to process large volume dynamic data.
Secure data storage and transactions logs
Adopt an auto-tier storage system which prioritizes data storage by putting less
utilized data to a lower tier.
End-point input validation/filtering
Develop effective algorithms to validate input data from diverse and dynamic data
sources
Real-time security monitoring
Implement real-time security analytics that support real-time monitoring, querying,
and decision making.
Scalable and composable privacy-preserving
data mining and analytics
Improve scalable privacy-preserving data mining algorithms and prevent untrusted
user from accessing sensitive data.
Cryptographically enforced data centric security
Design innovative techniques to index, analyze, and process encrypted data with
diverse sources. Maintain data confidentiality and integrity
Granular access control
Establish access control at a granular scale so that individual user roles and
responsibilities can be set to access only authorized data, functions, or services
Granular audits
Update auditing with extended scope and granularity for real-time security and
meeting compliance requirements
Data provenance
Keep track of metadata of data creation to support effective digital forensic and
compliance auditing
(Adopted from Cloud Security Alliance, 2013b)
organizations to analyze, plan, design, and implement security information systems. ISO 27000 is the
only framework that organizations can adopt and being certified by a third party once the set of standards
such as security policy, asset management, cryptography, access control are satisfied.
The ISO 27000 consists a series of standards. Disterer (2013) discussed the ISO/IEC 27000, 27001
and 27002 for information security management, and concluded that The ISO 27000, 27001 and 27002
standards can serve as a framework to design and operate an information security management system.
Those standards have been widely disseminated in Europe and Asia. It is expected that the adaptation
of standards-based security framework will increase significantly in the future due the rising challenges
in in information security and privacy.
The ISO 27000 standard was developed in 2009 and continues to evolve to meet the new challenges
in the security industry (ISO 27000, 2009, 2012, 2014). Plan-Do-Check-Act, the classic quality management framework for the control and continuous improvement, forms the basis for security management
in ISO 2700. Although the current ISO 27000 standard does not provide specific provisions for big data
security, we expect that future versions will add this important coverage.
Figure 4 shows a general big data security management (BDSM) framework we adopted from the
Plan-Do-Check-Act Deming cycle. The Design/Planning phase defines, identifies, and evaluates security
risk, and develop appropriate policies, procedures, control, and measure according to desired security
level. This phase also includes a security modeling that builds a threat model and lays out strategies for
most security/privacy breach scenarios. The design blueprint will be turned into operational systems at
the implementation phase. The operation phase delivers the desired functions and services with security
and privacy protection and compliance to laws and regulations. The monitoring and auditing phase mea-
59
Big Data Security Management
Figure 4. Big Data Security Management Framework
sures key performance indicators against designed objectives and provides feedback and performance
reports. The deficiencies identified at the monitoring stage will be used as input for big data security
system redesign, quality control, and continuous improvement.
Successful adoption of a security management framework is critical in helping organizations to identify and assess information security risks, apply suitable controls, adequately protect information assets
against security breaches, and to achieve and maintain regulatory compliance. The ISO 27000 stipulates
that information security management framework must deliver the following desirable outcomes (ISO/
IEC 27000, 3rd Ed., 2014):
1.
2.
3.
4.
5.
Meeting the security requirements of all stake holders;
Advancing the organization’s security/privacy plans and activities;
Achieving the organization’s information security/privacy objectives;
Compliance to laws, regulations, and industry mandates;
Facilitating continuous improvement towards achieving organizational goals.
Demchenko, Ngo, and Membrey (2013) proposed a big data security framework that focuses on data
centric security. The key components in their framework consist of security lifecycle, granular access
control, encryption enforced access control, trusted environment, and federated access and delivery infrastructure (FADI) for cooperation and services integration. The critical success factors to successful
adaptation and implementation of the framework include security policy and procedures that are aligned
with organizational security objectives, commitment from management and stakeholders, information
security awareness, training and education, security incident management, business continuity plan, and
monitoring and feedback.
60
Big Data Security Management
Big Data Security Principles
Cavoukian (2013) has developed a widely recognized framework for information privacy—Privacy by
Design. The central theme of Privacy by Design is that in the age of big data, privacy cannot be assured
just by compliance with laws and regulations. Privacy must be ingrained in organizational design, and
hence becoming the default mode of operation. The seven principles of privacy proposed by Cavoukian
can be readily modified and adopted for big data security. We propose nine foundational principles for
big data security:
1.
2.
3.
4.
5.
6.
7.
8.
9.
Preventative and proactive security;
Security by default—minimal access privilege;
Security embedded into design and operation;
Defense in depth;
End-to-end security;
Visibility and transparency for trustworthiness;
User-centric;
Real-time monitoring;
Accountability and traceability.
Protective measures or subsystems consist of deterrence, avoidance, prevention, mitigation, detection, response, recovery, and correction should be part of the big data security management system. The
big data security best practices suggested by the Association for Data-driven Marketing & Advertising
(ADMA, 2013) include the following:
1.
2.
3.
4.
5.
Implementation of end-to-end security measures;
Implementation of encryption and key management protocols and systems;
Implementation of layered security;
Assessment and implementation of vulnerability penetration testing;
Clear communication of security policies and the consequences for non-compliance.
Big Data Security Maturity Model
A useful approach for assessing organization’s preparedness for big data security is a big data security
maturity model. The idea of a maturity model is popularized by the Software Engineering Institute (SEI)
at Carnegie Mellon University after they proposed the Capability Maturity Model (Paulk, et al., 1995).
The classic capacity maturity model has five level: initial, repeatable, defined, managed, and optimizing.
According to ESI, the software development predictability, effectiveness, and manageability improve as
the organization moves up the maturity levels. The capacity maturity model has been adopted in various
fields other than software development. For example, business process maturity model, risk maturity
model, privacy maturity model, etc.
Figure 5 shows a bid data security management maturity model we adopted from the capacity maturity
model. Along the maturity spectrum, at the very beginning, Nonexistent, there is no awareness of big data
security risk and challenges. In the Initial stage, the organization has recognized the importance of big
data security management in the face of big data security challenges. It is the starting point of deploying
61
Big Data Security Management
Figure 5. Big Data Security Management Maturity Model
new or undocumented processes. This stage is characterized by ad hoc, or even chaotic approaches and
unpredictable results. In the Developing stage, a broad assessment of big data security risk is carried out
and certain key areas have implemented, and big data security processes documented. At the Defined
level, the big data security processes are standardized and imbedded in routing business operations. At
the Managed level, performance metrics are established and big data security processes are measured
against the performance metrics and continuous improvement is embedded into the operations. Finally,
at the Optimizing level, big data security processes are fine-tuned to achieve optimal results, delivering
the highest level of security within the resource constraints.
Big Data for Security Industry
Although there are many challenges in big data management and applications, there are also many opportunities presented by big data that lead to new discoveries, insights, and innovative applications. In the
security industry, big data analytics has helped organizations to proactively identify and predict security
attacks (Hipgrave, 2013). With the advancement of big data analytics, organizations will be able to collect
and analyze large volume of data from various unstructured data sources such as email, social media,
e-commerce transactions, bulletin boards, surveillance video feeds, Internet traffic, etc. Forward-looking
organizations are moving beyond traditional security measures to safeguard their coveted information
assets. Big data security monitoring and analytical tools can be a valuable aid to security professionals
and law enforcement in their fighting against cyber criminals. An example of such an application is to
analyze data in confluence and in motion to detect cyber fraud/attack before serious damage occurs.
Big data security should not be an afterthought, even though the security industry is often playing catch
up with the perpetrators. Those organizations that adopt big data security framework and follow big data
security principles will be able to take advantage of big data analytics and be able to predict, detect, act,
respond, and recover quickly from security breaches. Once the organization reaches sufficient big data
security maturity level, it will be in a solid position to fight against all known security attacks. It is even
possible that the organization is able to anticipate and mitigate new/unforeseen threats. Common big data
analytics applications in security and public safety include crime analysis, computational criminology,
terrorism informatics, open-source intelligence, and cyber security (Chen, Chiang, and Storey, 2012).
62
Big Data Security Management
RESEARCH ISSUES AND DIRECTIONS
Big data security is of great interest to security practitioners as well as academic researchers. Many believe
that we have entered the era of big data that offers enormous opportunities for transforming data science
and data driven research and applications. With the advancement of big data technologies, infrastructure,
data mining, business intelligence, and big data analytics, researchers and business analysts are able to
gain more insights about big data security challenges, risk assessment and mitigation, and be able to
develop more effective business solutions (Chang, Kauffman, and Kwon, 2014).
However, we are still at the ground level of big data paradigm shift. There are still many unsolved
issues in big data security management. Most traditional security tools and technologies do not scale
and perform well in big data environments. Substantial effort is needed to develop a holistic and robust
big data security ecosystem. Some pioneering work has been done (Demchenko, Ngo, and Membrey,
2013; Disterer, 2013). However, there are still lingering questions such as: Is cloud computing the right
infrastructure to support big data storage and processing? Is the architectural flexibility of NoSQL databases amenable to trustworthy big data security? How can we trust big data that come from a variety
of untrusted input sources? Will big data “usher in a new wave of privacy incursions and invasive marketing”? (Boyd and Crawford, 2012) How do we balance the need for big data security and usability?
It is important for security professionals, regulatory bodies, law enforcement, and big data service
providers as well as users to keep in mind, while we try to address those questions, big data security
continues to evolve as the five V’s of the big data ecosystem are constantly changing and increasing.
More and more people will be involved with big data research and development, services, applications,
and consumptions. No doubt that the number of people interested in exploiting the big data with malicious intent is also increasing.
As discussed in the previous section, there are many challenges in big data security and privacy. Here
we list some key research issues facing big data researchers and practitioners:
1.
2.
3.
4.
5.
6.
7.
Robust security standards designed and developed for big data from the ground up. The lack of
established security standards has resulted in some vendors involved with big data systems such
as NoSQL solutions to develop ad-hoc security measures.
Built-in security at the granular level. This has the potential to allow security control and management with surgical precision.
A big data security architecture that provides a security framework to integrate diverse security
technologies that are available today, but do not work coherently together. Rather than piecemeal
and separate solutions, we need a holistic approach to deal with current and emergent security
threats.
Continue the development of the big data ecosystem, of which big data security is a key component. Security should be deep-rooted in all aspects of the big date lifecycle, that includes sourcing,
storage, process, analysis, and delivery of results to targeted applications.
Reshape the cloud infrastructure for better big data security and trustworthiness, in order to alleviate the concern that big data security and privacy are cloudy in the cloud.
Continue the promising research in addressing information technology/system security problems
using big data and big data analytics.
Real-time big data security analytics that integrates natural and artificial intelligence for advanced
security threat analysis, prediction, detection, tracking, and response.
63
Big Data Security Management
CONCLUSION
It is evident that big data is with us today and it is going to have a significant impact on governments,
businesses, societies, and individuals in the future. As we embrace the opportunities brought by big
data, we must also be keenly aware of the security challenges associated with big data infrastructure and
applications. In this chapter, we explored the concepts of big data security, presented big data security
management frameworks, summarized big data security challenges, identified big data security principles, and suggested a big data security maturity model. Furthermore, we discussed the application of
big data analytics in solving security related problems.
Although big data security is immature today, we believe, with concerted effort from industries,
governments, academicians, and practitioners, big data security will improve over time to meet those
challenges discussed in this chapter. Similar to the case of Internet security, which is an afterthought when
the need for security became critical and evident. The initial Internet architecture had little consideration
for security and privacy. However, as Internet and the World-wide Web grew exponentially in the 1990s,
multi-layer Internet security protocols were developed and those security standards helped facilitating
the growth of the Internet and Internet applications. We are optimistic that big data security will follow
a similar path. This chapter provides basic concepts, principles, challenges, and current issues of big
data security. We hope it serves as a launching pad for advancing big data security research in the future.
REFERENCES
ADMA. (2013). Best Practice Guideline: Big Data. A guide to maximising customer engagement opportunities through the development of responsible Big Data strategies. Retrieved from: http://www.
adma.com.au
Biehn, N. (2013). The Missing V’s in Big Data: Viability and Value. WIRED.com Retrieved from: http://
www.wired.com/insights/2013/05/the-missing-vs-in-big-data-viability-and-value/
Boyd, D., & Crawford, K. (2012). Critical Questions for Big Data: Provocations for a Cultural, Technological, and Scholarly Phenomenon. Information Communication and Society, 15(5), 662–675. doi:
10.1080/1369118X.2012.678878
Cavoukian, A. (2013). Big Privacy: Bridging Big Data and the Personal Data Ecosystem Through Privacy by Design. Retrieved from http://www.privacybydesign.ca/
Chang, R. M., Kauffman, R. J., & Kwon, Y. (2014). Understanding the paradigm shift to computational social science in the presence of big data. Decision Support Systems, 63, 6780. doi:10.1016/j.
dss.2013.08.008
Chen, H., Chiang, R. H., & Storey, V. C. (2012). Business Intelligence and Analytics: From Big Data
to Big Impact. Management Information Systems Quarterly, 36(4), 1165–1188.
Cloud Security Alliance. (2013a). The Notorious Nine Cloud Computing Top Threats in 2013. Retrieved from
https://cloudsecurityalliance.org/download/the-notorious-nine-cloud-computing-top-threats-in-2013/
64
Big Data Security Management
Cloud Security Alliance. (2013b). Expanded Top Ten Big Data Security and Privacy Challenges. Big
Data Working Group. Retrieved from https://cloudsecurityalliance.org/research/big-data/
COBIT. (n.d.). Retrieved from https://cobitonline.isaca.org/
NIST Cybersecurity Framework. (n.d.). Retrieved from http://www.nist.gov/cyberframework/
Demchenko, Y., Grosso, P., de Laat, C., & Membrey, P. (2013). Addressing big data issues in Scientific
Data Infrastructure. In Proceedings of the International Conference on Collaboration Technologies and
Systems (CTS). IEEE. doi:10.1109/CTS.2013.6567203
Demchenko, Y., Ngo, C., & Membrey, P. (2013). Architecture Framework and Components for the Big
Data Ecosystem. Retrieved from http://www.uazone.org/demch/worksinprogress/sne-2013-02-techreportbdaf-draft02.pdf
Disterer, G. (2013). ISO/IEC 27000, 27001 and 27002 for Information Security Management. Journal
of Information Security, 4(2), 92–100. doi:10.4236/jis.2013.42011
Gartner Group. (2012). Gartner Says Big Data Creates Big Jobs: 4.4 Million IT Jobs Globally to Support Big Data By 2015. Retrieved from http://www.gartner.com/newsroom/id/2207915
Google Trends. (n.d.). Retrieved from http://www.google.com/trends/
Hipgrave, S. (2013). Smarter fraud investigations with big data analytics. Network Security, 2013(12),
7–9. doi:10.1016/S1353-4858(13)70135-1
IBM. (2014). IBM X-Force Threat Intelligence Quarterly, IBM Security Systems. First Quarter 2014.
Retrieved from: http://www-03.ibm.com/security/xforce/
Internet Users. (n.d.). Retrieved from http://www.internetlivestats.com/internet-users/
ISO 27000. (2009, 2012, 2014). Information Technology, Security Techniques, Information Security
Management Systems, Overview and Vocabulary. International Organization for Standardization ISO,
Geneva. Retrieved from: http://www.iso27001security.com/html/27000.html
ISO 27000. (n.d.). Retrieved from http://www.27000.org/
Laney, D. (2001). 3D Data Management: Controlling Data Volume, Velocity, and Variety. Gartner
Group. Retrieved from: http://blogs.gartner.com/doug-laney/files/2012/01/ad949-3D-Data-ManagementControlling-Data-Volume-Velocity-and-Variety.pdf
Laney, D. (2012). Deja VVVu: Others Claiming Gartner’s Construct for Big Data. Gartner Group.
Retrieved from: http://blogs.gartner.com/doug-laney/deja-vvvue-others-claiming-gartners-volumevelocity-variety-construct-for-big-data/
MacDonald, N. (2012). Information Security Is Becoming a Big Data Analytics Problem. Gartner Report.
Retrieved from https://www.gartner.com/doc/1960615/information-security-big-data-analytics
NIST. (2013). Glossary of Key Information Security Terms, NISTIR 7298, Revision 2. Retrieved from:
http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf
65
Big Data Security Management
Paulk, M. C., Weber, C. V., Curtis, B., & Chrissis, M. B. (1995). The Capability Maturity Model: Guidelines
for Improving the Software Process. SEI series in software engineering. Reading, MA: Addison-Wesley.
Press, G. (2013). A Very Short History of Big Data. Forbes Magazine. Retrieved from: http://www.
forbes.com/sites/gilpress/2013/05/09/a-very-short-history-of-big-data/
Privacy and Information Security Law Blog. (n.d.). Retrieved from https://www.huntonprivacyblog.com/
Rowe, N. (2012). The Big Data Imperative: Why Information Governance Must be Addressed. Aberdeen
Group Research Report.
Shmueli, G., & Koppius, O. R. (2011). Predictive Analytics in Information Systems Research. Management Information Systems Quarterly, 35(3), 553–572.
Sotto, L. J. (2013). Privacy and Data Security Law Deskbook. Frederick, MD: Aspen Publishers.
Zhao, J., Wang, L., Tao, J., Chen, J., Sun, W., Ranjan, R., & Georgakopoulos, D. et al. (2014). A security framework in G-Hadoop for big data computing across distributed Cloud data centres. Journal of
Computer and System Sciences, 80(5), 994–1007. doi:10.1016/j.jcss.2014.02.006
Zikopoulos, P. C., Eaton, C., deRoos, D., Deutsch, T., & Lapis, C. (2012). Understanding big data –
Analytics for enterprise class Hadoop and streaming data. New York, NY: McGraw Hill.
KEY TERMS AND DEFINITIONS
Big Data: Unstructured date with five characteristics: volume, velocity, variety, veracity, and value.
Big Data Security: The protection of big data from unauthorized access and ensure big data confidentiality, integrity, and availability.
Big Data Security Framework: A framework designed to help organizations to identify, assess,
control, and manage big data security and maintain regulatory compliance.
Big Data Security Maturity Model: A multi-level model used to help organizations to articulate
where they stand in the spectrum of big date security, from nonexistent to optimality.
Privacy: An individual’s right to safeguard personal information in accordance with law and regulations.
Security: A state of preparedness against threats to the integrity of the organization and its information resources.
Security Attack: An attempt to gain unauthorized access to information resource or services, or to
cause harm or damage to information systems.
66