(Big) Data? - Cloud Security Alliance

Big Data & Cloud Security/Privacy?
P. A. Subrahmanyam (“Subra”)
Stanford/CyberKnowledge
1
CyberKnowledge © & Confidential
Agenda
 What is Big Data?
 What is involved?
 Where is it useful?
 Challenges?
 Cloud Security Alliance (CSA)
 Big Data Working Group (BDWG) initiatives
2
CyberKnowledge © & Confidential
What is Big Data? (Wikipedia)
 Big data
 Data sets so large or complex that traditional data
processing applications/infrastructure are inadequate.
 Challenges
 include analysis, capture, curation, search, sharing, storage,
transfer, visualization, and information privacy.
 The term often refers simply to the use of predictive analytics or
other certain advanced methods to extract value from data,
 and seldom to a particular size of data set.
3
CyberKnowledge © & Confidential
So… What is (Big) Data?
Traditional Data
Transaction Data
Hadoop
Streaming
Data
Data
Warehouse
Structured
Enterprise
Wide
Integration
Unstructured
Social data
IoT, M2M, RFID, sensors
OLTP System Data
ERP data
Web logs, URLs
Text Data, Video, Audio,
Internal App Data
Mainframe Data
“Newer” Data
Traditional
Sources
New
Sources
Network data
4
4
Applications for Big Data Analytics
Smarter Healthcare
Multi-channel
sales
Finance
Log Analysis
Homeland Security
Traffic Control
Telecom
Search Quality
Fraud and Risk
Retail: Churn, NBO
Manufacturing
Trading Analytics
The CSA Big Data WG
 Big Data Working Group (BDWG)
 Identifying scalable techniques for datacentric security and privacy problems.
 Goals:
 Crystallize best practices for security and
privacy in big data,
 Help industry and government in the
adoption of best practices,
 Establish liaisons with Standards
Development Organizations (SDOs) to
influence big data security and privacy
standards
 Accelerate the adoption of novel research
aimed to address security and privacy
issues.
Cloud Security Alliance (CSA) Big Data
Working Group (BDWG) Initiatives
1: Data
analytics for
security
2: Cryptography and Privacy
preserving/enhancing
technologies
Big Data Working Group
5: Framework
and Taxonomy
140+ members
6: Top 10
3: Big data Infrastructure
security (Attack Surface
Analysis and Reduction)
4: Policy,
Governance, and
Legal issues
https://basecamp.com/1825565/projects/511355-big-data-working
Top 10 Challenges Identified by CSA BDWG
1)
Secure computations in distributed
programming frameworks
2)
Security best practices for non-relational
datastores
3)
Secure data storage and transactions logs
4)
End-point input validation/filtering
5)
Real time security monitoring
6)
Scalable and composable privacypreserving data mining and analytics
7)
Cryptographically enforced access control
and secure communication
8)
Granular access control
9)
Granular audits
10)
Data provenance
Infrastructure
security
Integrity and
Reactive Security
4, 8, 9
1, 3, 5, 6, 7, 8, 9, 10
Data Security &
Privacy
Data Management
10
4, 10
2, 3, 5, 8, 9
Data Storage
Public/Private/Hybrid Cloud
5, 7, 8, 9
8