Gary Scholten, CIO and executive vice president at Principal Financial Group, doesn't care for the term big data, but big data looms large in his cyber strategy. Big data has vastly increased the digital assets now exposed to attack, he said, but it also can be used to ferret out suspicious activity and predict potential threats.
In this SearchCIO video shot at the recent MIT Sloan CIO Symposium, Scholten talks with senior news writer Nicole Laskowski about his two-pronged cyber strategy: to provide employees with more data than ever to help them do their jobs while also taking measures to protect the company's high-value digital assets.
How is big data changing the security conversation at Principal Financial?
Gary Scholten: First of all, I'm going to start with [an observation]: I don't like the term big data. To me that is sort of the 'how' you get there, but the 'what' is the data analytics. ... I think one of the things that makes it more difficult is that we went from primarily being structured data, which there, [with regard to] how you secure it, you have a lot different means of doing it. When you go into the broader, unstructured data, that's when it gets more difficult.
In terms of security, I see it sort of two ways. One is: we are now going to use that data, especially that unstructured data that we didn't have in the past, in new and different ways. And we want it to be used by people throughout the company, so that they're using data in making their decisions, and how they can better serve the customer and that sort of thing. That creates a new challenge from the security side, because now you're retaining more data, it's unstructured, and you're making it available to others.
How do you keep all of that additional data safe?
Gary ScholtenCIO, Principal Financial Group
Scholten: So a part of what we've done is to identify what those high-value assets are -- both that we feel have to be most secured and [assets that] maybe others would have more interest in having access to. [We are] making sure that we're controlling those in a much tighter way than maybe we are in some of the others, but at the same time making sure that they're available to everybody in doing their job.
The other side of big data and security is that we're using big data in security. That was one of the early use cases for big data and data analytics: We get massive amounts of data from our interaction with customers, everybody connecting with us through our networks, all the log data that's coming in, and so using big data to help secure is kind of the positive spin on how big data is helpful in security.
How are you applying big data to security and to your cyber strategy at Principal Financial?
Scholten: At a company our size [we] have billions of things trying to interact with us through our networks and other things, so we look to say, 'Are there any correlations, tying [those interactions] up with threat intelligence?' To say, 'Are there things that look like something out of the ordinary -- that we should take some action on it now?' So, just looking for a correlation through the massive amounts of data that we get [is important].