Big Data and the Cloud Compliance Challenge

Big Data is coming. But many organizations are not ready for it. And a surprising number of key decision makers are not at all clear on what Big Data is. (Most of all it is big. According to IBM, 90 percent of all the raw data we have today has been created in the last two years.)

For all the challenges it poses, Big Data could – at least in principle – help make us more secure. As one industry observer notes, "on the security front it can help you protect your organization from advanced persistent threat (APT) attacks and malware by providing visibility into what's happening in your network."

Unfortunately that is not what is happening. Instead, organizations are losing control of Big Data, and getting buried under it. Companies are using haphazard systems – even spreadsheets – simply to keep track of their data.

Amid the struggle to keep up, along with the rush into the cloud that Big Data encourages, compliance is falling by the wayside. This is a doubly unfortunate failure, because – as with overall security – Big Data has the potential to help ensure compliance. Companies are putting themselves at needless risk of both data breaches and regulatory fines by allowing their data management and compliance procedures to fall into such disarray.

Keeping up with a fast-moving environment is never easy, and Big Data is fast-moving indeed. But you have to start somewhere. The first key to wisdom in getting a handle on Big Data is to understand that control, security, and compliance are not isolated silos. They are part of one integrated, holistic data management process. And the basic tools for achieving this are not a mystery: They are set forth in well-established industry standards.

Don't let compliance get lost in Big Data and the cloud. Start by assessing your current status, or obtaining an expert assessment. Then use that assessment to get a handle on your data management, security, and compliance needs.

The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: "Security is not a product, but a process."