Skip to main content

CISOs beware: Big data can lead to even bigger problems

Chief information security officers (CISOs) need to treat big data differently, according to Gartner.

The research analyst said that organisations are putting their core systems at risk by treating big data as an individual security issue, rather than a part of a wider problem.

Read more: Cloud adoption influenced by business needs and data security, not cost reduction

By 2016, Gartner reckons that almost 80 per cent of organisations will have failed to create a consolidated data security policy.

"Businesses have traditionally managed data within structured and unstructured silos, driven by inherent requirements to deploy relational database management systems, file storage systems and unstructured file shares," said Gartner analyst Brian Lowans.

However, as is usually the case with enterprise security, altering your entire approach is far easier said than done.

The advent of public cloud services can make the situation murkier still, since both cloud and security providers could gain access to crucial systems at will.

"Big data and cloud storage environments [are] transforming the way in which data is stored, accessed and processed, and CISOs need to develop a data-centric security approach," continued Lowans. "Unfortunately this is not common practice today, and its planning is critical to avoid uncoordinated data security policies and management."

Read more: Insider threats still the number one corporate data security risk

He did have some nuggets of advice, however. "First, CISOs need to evaluate current implementations of DCAP solutions against data security policies that address database, unstructured, cloud storage and big data silos.

"Second, they need to identify gaps in the current implementation of their data security policies and review the risks with business stakeholders against potential DCAP solutions. Business stakeholders may not be accustomed to having strong relations with security teams, and CISOs will need to build partnerships with them to develop new management structures for data security accountability and to identify cross-functional training needs."