As Cybersecurity continues to be heavily focused on solving the problem of attacks against software vulnerabilities and system access, one potential silver bullet in the data breach equation remains out of the limelight. Enter data-centric security… a set of technologies that lower the value of data through encryption, tokenization, data masking and access control methods. Data-centric security has been around for years but doesn’t receive the same level of media coverage, hype or attention that other security technologies do. Perhaps, it should.
When you think about what the average enterprise needs to do to protect against attacks on software vulnerabilities and system access, it is daunting. The sad news is that most companies that have deployed reasonable cybersecurity countermeasures have had an unwanted visitor perusing their systems at some point. It’s not a matter of if your systems will be breached but a matter of when, how and at what cost. So let’s assume from this point forward that there is no way to keep intruders out. Better yet, let’s assume that everyone already on the inside of an organization is a threat to sensitive data within the systems there. It’s called the “Zero-Trust Model” and nothing supports it like data-centric security since the methods used can render data useless if it is ever stolen or removed from the enterprise.
The Big Data Conundrum
To better understand the challenges that today’s enterprises face protecting their data, you need to take a look at what is happening to data on a global scale. While consumers were largely responsible for data growth in prior years, by 2025 worldwide data is expected to increase another tenfold and enterprises will have created 60 percent of it1.
Big data technologies like Greenplum, Hadoop and Teradata are quickly being adopted to help facilitate the storage and access to all this newly created data. Further driving the adoption of big data technologies are applications like analytics, AI, machine learning and IoT which are all fueling the creation and growth of new data lakes. Adding to the challenge is the inherent “open” nature of big data technologies which use standard IP protocols such as HTTP under the hood and provide no native features for encrypting or obfuscating the data they store. In short, these technologies are vulnerable, especially to insiders who have unfettered, root-level access.
Luckily, data-centric security gives enterprises an effective option for protecting data within a big data environment. Key features of data-centric security include:
- Transparent Data Encryption – Transparent data encryption provides an excellent path for protection of structured data within certain data stores like Hadoop and unstructured data in files. Transparent encryption can typically be implemented without changes to application code or databases that present the quickest path to implementation for most enterprises.
- Application Layer Encryption or Tokenization – Application layer data security provides the highest level of security as it can be implemented high up in the software stack to protect data both in transit and at rest. Application layer data protection typically involves changes to application or database code to implement.
- Strong Access Controls – By tightly controlling the permissions for which users have access to cryptographic keys or the data replaced by tokens, it is possible to restrict data access to anyone inside an organization including root-level administrators. This is essential for supporting the Zero-Trust Model that was mentioned earlier.
- Strong Encryption Key Management – Any worthy data security solution using cryptography should include strong key management and a separation of duties between the systems applying that data protection and those performing key management. Good key management systems will also provide the ability to leverage a hardware-based root of trust for key creation and storage.
If you are part of an enterprise that is in the process of implementing big data technologies or if your enterprise already has mature big data environments, you should consider deploying a data-centric security solution. Effective data-centric security solutions are the only reasonable path to realizing a Zero-Trust Model. Without a method of obfuscating sensitive data within ever-growing data stores and keeping unfettered access out of the hands of insiders, the data breach problem will continue to grow, unchecked.
- “The value of data: forecast to grow 10-fold by 2025” – Information Age, April 5, 2017
*** This is a Security Bloggers Network syndicated blog from Data Security Blog | Thales eSecurity authored by Blake Wood. Read the original post at: https://blog.thalesesecurity.com/2018/10/09/data-centric-security-and-big-data/