Monday, July 29, 2013

Tuesday, July 23, 2013

Big Data Getting Attention

According to IBM, we generate 2.5 quintillion (2.5 followed by 17 zeros) bytes of data every day.  In the last two years, we've created about 90% of the data we have today.  Almost everything that's 'connected' generates data.  Our mobile devices, social media interactions, online purchases, GPS navigators, digital media, climate sensors and even this blog, to name a few, add to the pile of big data that needs to be processed, analyzed, managed and stored.  And you think that saving all your movies, music and games is a challenge.

This data growth conundrum is 3 (or 4 - depending on who you talk to) dimensional with Volume (always increasing amount of data), Velocity (the speed back and forth) and Variety (all the different types - structured & unstructured).  Veracity (trust and accuracy) is also included in some circles.  With all this data churning, security and privacy only add to the concerns but traditional tactics might not be adequate.

Recently the Cloud Security Alliance (CSA) listed the top 10 security and privacy challenges big data poses to enterprises and what organizations can do about them.  After interviewing CSA members and security practitioners to draft an initial list of high-priority security and privacy problems, studying the published solutions and characterizing problems as challenges if the proposed solution(s) did not cover the problem scenarios, they arrived at the Top 10 Security & Privacy Challenges for Big Data.

They are:

  1. Secure computations in distributed programming frameworks
  2. Security best practices for non-relational data stores
  3. Secure data storage and transactions logs
  4. End-point input validation/filtering
  5. Real-Time Security Monitoring
  6. Scalable and composable privacy-preserving data mining and analytics
  7. Cryptographically enforced data centric security
  8. Granular access control
  9. Granular audits
  10. Data Provenance

The Expanded Top 10 Big Data Challenges list has evolved from the initial list of challenges into an expanded version that addresses new distinct issues.

  1. Modeling: formalizing a threat model that covers most of the cyber-attack or data-leakage scenarios
  2. Analysis: finding tractable solutions based on the threat model
  3. Implementation: implanting the solution in existing infrastructures

The idea of highlighting these challenges is to bring renewed focus on fortifying big data infrastructures.  The entire CSA Top 10 Big Data Security Challenges report can be downloaded here.



Connect with Peter: Connect with F5:

Tuesday, July 16, 2013

20,000 For Every 1

On average. 

Earlier this month, the State of California released its first annual data breach report showing that in 2012, 131 data breaches were reported, putting more than 2.5 million Californians' personal data at risk.  The real kicker is that of the 2.5 million, 1.4 million would have been fine if the companies had simply encrypted the data.  Yup, over half would've been safe if proper care was taken to protect the data.  A bit aggravating, isn't it?  With all the basic solutions available and data breach media attention, you'd think encryption was a no-brainer.  Add to that, if it was scrambled, it wouldn't have even needed to be reported according to state law!  Companies can even avoid data breach lawsuits (in California) for encrypting data.  So many reasons.

Retail had the most intrusions with 26%, followed closely by finance and insurance with 23% of the total.  Health care accounted for 15%, with education and government both taking 8%.  The remaining 15% represented the ever popular 'other.'  Over half included compromised social security numbers and 5 involved more than 100,000 citizens.

Security and computer failures, including skimmed point-of-sale devices, accounted for the majority of the intrusions with outsiders doing the most damage.  Always check those ATMs, gas station pumps, unattended kiosks and other machines you slide with your cards.  Sadly, even with personal diligence, once the company has it, they seemingly still let it roam free.  I guess the good news is the requirement to report the breaches so individuals are aware and can take action.

This is the first state-based, state-specific review of reported data breaches, and the California Attorney General's Office recommends that companies focus on improving the following areas of privacy and security:

  • Encryption - If you have unencrypted personal information, you'll probably be next.
  • Security Training – Review and update security procedures, as well as provide regular training to maintain compliance.
  • Readability of Consumer Breach Notifications – Companies should ensure that recipients actually understand the content of such notices.
  • Offering Credit Monitoring Assistance – When offered to consumers, it can limit future issues.

Hopefully, in the near future other states will release their own reports to better understand their situations in context with all the yearly, national reports.




Wednesday, July 10, 2013

BYOD 2.0 -- Moving Beyond MDM

#BYOD has quickly transformed IT, offering a revolutionary way to support the mobile workforce. The first wave of BYOD featured MDM solutions that controlled the entire device. In the next wave, BYOD 2.0, control applies only to those apps necessary for business, enforcing corporate policy while maintaining personal privacy. The #F5 Mobile App Manager is a complete mobile application management platform built for BYOD 2.0.





Tuesday, July 2, 2013

The First Six Remix

With 2013 cruising along and half the year in the rear view, I thought a rest stop with all the off-ramps thus far would catch you up on this road trip.  67 stops, 44 watchable.

