Traditional security and privacy defenses can't keep up with today's cyber threats, according to Rob Thomas, VP of product development for IBM Analytics. Companies need to go on the offense and implement a sound data governance plan if they hope to keep customer and company information safe.
Thomas spoke with SearchCIO's senior news writer Nicole Laskowski at the recent MIT Sloan CIO Symposium in Cambridge, Mass. about the changing world of data governance, how the data governance plan will play out in the cloud and the role of big data analytics in helping companies achieve stronger insights and leverage security. He was a featured speaker during a panel discussion on “Big Data 2.0: Next-Gen Privacy, Security, and Analytics” at the event.
How has big data changed the security and privacy conversation?
Thomas: Big data and security, I think of them as two sides of the same coin. They're highly linked and integrated. But today, security for many companies is a very manual process. You're dealing with 200,000 events a day. You can't do all that manually. So analytics is about how you start to instrument what you're doing, make better use of the data assets that you have so that you can make quicker decisions.
200,000 events per day ... what kinds of security events?
Thomas: It could be any type of an intrusion event, some suspect behavior on the network. It could be anything that is raising an alarm that says, "Maybe there's some action we need to take."
What is the difference between an offensive strategy and a defensive strategy in a data governance plan?
Thomas: Security and privacy is really a defensive measure. It's preventing something that could happen, and you're always protecting yourself. I think the right strategy around data is an offensive strategy, which is about data governance. So how do you catalog what you have, understand who's accessing it? How do you manage the lifecycle of your data? If you get an offense, it totally changes the game, and half the money you spend on defense is no longer needed.
Why do organizations struggle to get to a point where good data governance exists?
Thomas: The world has changed dramatically from the first time data governance became popular. At that time it was, we have one database, one warehouse; we're just trying to protect one environment. Now, you're talking about data from potentially thousands of sources with hundreds of thousands of users interacting with it. So it has really changed the nature of data governance.
Now it's about how do I manage the lifecycle, who is accessing the data? How do I make sure I'm incorporating all data and all roles within my organization? So data governance is a very different discussion now than it was even five years ago.
Are there any innovative data governance technologies out there?
Thomas: We believe that the data governance story in this next generation is going to play out on the cloud because a lot of data is moving to the cloud. The analogy you need is, can you create a fortress or a castle in the cloud that enables you to have your data not only as a defensive measure, but an offensive measure, and to give you orderly governance.
Rob ThomasVP of product development for IBM Analytics
So these are technologies that help for how you mask data, how you make sure that you're keeping it private. How do you actually predict how somebody might use the data? These are the kinds of technologies that have been born on the cloud, that are changing the nature of data governance.
And how are you seeing data analytics being applied to security?
Thomas: Analytics can make security a lot easier. Most of the money spent today is chasing false positives. So think about it: If you can use analytics to reduce your false positives by 50 percent or more, now suddenly your analyst time is a lot more valuable, and it's spent time on real threats, be they internal or external. So analytics really changes the value equation and, ultimately, the economics around security.
What is the role of human intervention in data analytics security?
Thomas: Humans are going to play a key role in security and analytics regardless of how strong the security and analytics are because there are certain things that just require a separate set of eyes to look at it and make the right decision for where to go. So think of the human piece as, how do we take the best data that we have to make a decision versus going through all of the processes of how you organize the data, how you secure the data first?
So it really changes the nature that the humans play in. I like to think of it as, it's less IT operations and more data science, which is ultimately how we want people spending time anyway.