Week in and week out, big-name companies from Target to Neiman Marcus to Michaels learn the severe consequences of flawed data security. The truth is, even when IT has been armed with the latest security technology, defending against breaches isn't easy. In fact, as attacks get more and more sophisticated, it's getting harder.
In this week's New Tech Forum, Brian Milas, CTO at Courion, offers an in-depth look at the data security problem from the standpoint of user identity and access management. As Milas argues, you can't develop an effective solution without makiing sense of the very large quantity of semi-structured data generated by these gatekeeping systems. -- Paul Venezia
Making sense of "big data" from identity management
Providing employees with access to applications and information is a complex operational challenge. Users require broad and varied access to be productive, but that incurs risk. IT must control access, enforcing the principle of "least privilege" in the face of compliance regulations and the threat of security breaches.
Do it right and business runs efficiently with risks understood, mitigated, and rewarded. Do it wrong and catastrophe looms.
To understand business risk effectively, you must have visibility into the access approved, access granted (which may be different than what was approved), the resources and data behind the access granted, and how access is being used. Years ago this was less complex: Employee and customer data lived in the data center, was accessed during work hours, and was less heavily regulated and audited.
Today, data resides not only in the data center but also in mobile devices and the cloud. It's also regulated, audited, and available to many more audiences than just your employees. Here's one way to break down the problem:
More and different types of identities. In the past, IAM (identity and access management) was primarily concerned with workers. Now contractors, suppliers, customers, partners, affiliates, and even devices have identities.
Data explosion. We're generating and archiving more data than ever before. Recent coverage of the NSA's data analysis efforts reveal just how much data we generate as a nation: 1.8 petabytes daily!
Flexible access. In the past, access was largely consolidated in a data center, but then came desktops, then laptops, then mobile and cloud. Today, users expect access anywhere, everywhere, all the time.
Need for speed. The United States is no longer the only "I want it now!" society. Every globally competitive company is keenly aware of the need to provide access and information immediately, whether to a shop floor employee or to a customer who needs current order status.
Increased security expectations. In the past, security was considered a specialized area, but today, government and industry regulators, auditors, board members, media, and consumers are expected to know the ropes. Increasingly, CISOs are calling for staff to flag new risks as they arise.
Logging everything
What does this all mean to a CISO who is concerned with providing only the right access to the right people at the right time? A whole lot of information about a rapidly expanding universe of electronic identities and their context. At Courion, we call this "big identity data."
By way of example, consider a hypothetical 10,000-employee company:
- 10,000 users with access to 10 applications results in 100,000 accounts
- Logging in to these applications at least twice per day yields 200,000 login activity records per day
- Keeping a data store of one month of activity creates a total of 4 million login activity records
Now let's consider how worker interaction with files and folders enters the equation:
- 10,000 workers accessing 50 data assets per day creates 500,000 activity records per day
- Distributed over an eight-hour workday, this results in 62,500 activity records per hour or 1,031 per minute (or 17 per second)
- Keeping a data store of one month of activity creates a total of 10 million unstructured data activity records