This blog post is the first in a series based on the ebook The Six Elements of Securing Big Databy security expert and thought leader Davi Ottenheimer. In his book, Davi outlines the rationale and key challenges of securing big data systems and applications. He does so using some great anecdotes and with good humor, making the book a good read whether you’re a white/grey/black hat, cyber superhero, or even if you’re not a security expert at all.
In his first chapter, Davi discusses the rationale for big data security, told as only he can. Here is an excerpt:
The rationale for security in this emerging world of 3V engines (Volume, Velocity, Variety) is twofold. On the one hand, security is improved by running on 3V (you can’t predict what you don’t know) and on the other hand, security has to protect 3V in order to ensure trust in these engines. Better security engines will result from 3V, assuming you can trust the 3V engines. Few things speak to this situation of faster/better risk knowledge from safe automation than the Grover Shoe Factory Disaster of 1905.
On the left you see the giant factory, almost an entire city block, before the disaster. On the right you see the factory and neighboring buildings across the street turned into nothing more than rubble and ashes.
The background to this story comes from another automation technology rush. Around 1890 there were 100,000 boilers installed as Americans could not wait to deploy steam engine technology throughout the country. During this great boom, in the years 1880 to 1890, over 2,000 boilers were known to have caused serious disasters. Despite decades of death and destruction through the late 1800s, the Grover Shoe Factory still had a catastrophic explosion in 1905 with cascading failures that leveled the entire building, burning it to the ground with their workers trapped inside.
This example helps illustrate why trusted 3V engines are as important, if not more so, as the performance benefits of a 3V engine.
It really comes down to figuring out how to use big data to improve the quality of security itself. Many people are actively working on better security paradigms and tools based on the availability of more data. In fact, if you bought a recent security product, there’s a good chance that it is running on a big data platform like he MapR Converged Data Platform. Indeed, according to Davi, “the collection and analysis of as much data as possible is justified by the need to more quickly address real threats and vulnerabilities.”
MapR customers are already putting this into practice.