SANS First Comprehensive Study of Security and Big Data Reveals Usage Insights and Provides Expert Guidance on How to Maximize Security and Compliance
BETHESDA, MD and PALO ALTO, Calif. — June 10, 2015 — SANS, the global leader in information security training and analysis, today announced availability of its first survey and research report identifying how often organizations ranging from enterprises to government agencies are utilizing big data systems, what the associated security challenges are, and how risks can be easily mitigated. Sponsored by Cloudera, the leader in enterprise analytic data management powered by Apache Hadoop™, the study was authored by SANS Analyst Barbara Filkins, with SANS Director of Emerging Technologies John Pescatore participating as an advisor.
In Enabling Big Data by Removing Security and Compliance Barriers, it was revealed that 55 percent of respondents were operating big data systems in full production, pilot or proof of concept, and that 28 percent plan to have big data applications deployed within the next two years. Also revealed by the survey were the primary data types respondent organizations are managing in their big data systems, which included personally identifiable information (PII, 73%), employee records (64%), intellectual property (59%), payment card information (53%), national security intelligence data (40%) and more. Additionally, it was shown that organizations are coming under increased compliance pressure, with 83 percent reporting that their big data systems must comply with one or more regulatory standards.
“Today, the world of data security is still relatively new—threat intelligence, traditional security approaches and a focus on managing mobile and cloud resources have generally advanced the state of data security. But until now, a comprehensive look at security as it relates to big data, Hadoop and the many related applications in use hasn’t existed,” said Filkins. “This SANS survey and research report paint a clear picture of how organizations are using big data architectures for real production workloads and what they should be most concerned about, and provide advice on how to reduce risk in existing and future big data environments.”
“The findings of this survey are completely consistent with the use cases Cloudera customers have been deploying for many years,” said Sam Heywood, director, Cloudera Security Center of Excellence in Austin, Texas. “In fact, our customer and partner MasterCard has been operating a PCI-certified enterprise data hub since 2014. Cloudera enables these use cases with continued investments in security, including key acquisitions like encryption and key management vendor Gazzang, and partnering with Intel around project Rhino. This allows Cloudera to offer comprehensive, enterprise-grade compliance-ready security.”
Additional findings revealed key use cases for big data applications, how sensitive data access is managed, how effective their security controls are, and that the C-level should be taking responsibility for data governance and security:
54% integrate with existing identity and access management systems to manage sensitive data access and 45% authorize user access based on roles (RBAC)
78% of those able to rank security control effectiveness said host-based security technologies were the most effective
72% of those able to rank security control effectiveness said network-based security technologies were the most effective
40% of those able to rank security control effectiveness said encryption technologies were very effective
25% (highest percentage) of respondents said that the CIO and CTO are responsible for big data governance
18% (second highest percentage) said that the CSO and CISO are responsible for big data governance
Less than 5% said system administrators, security administrators and app developers and managers held responsibility
Enabling Big Data by Removing Security and Compliance Barriers Survey and Report polled 206 respondents in Q4 2014. In keeping with the SANS membership base, 80 percent of respondents work in technical roles within IT. In the survey, 52 percent had job titles directly related to security; 28 percent held titles indicating a variety of technical and managerial roles. The remaining 20 percent held titles indicating specialties in compliance, incident response and forensics, application development, business unit manager and application owners and executive management. Industries represented include government, banking and finance, IT, telecom, and healthcare.
The complete survey and report is available at: http://cloudera.com/content/cloudera/en/resources/library/analystreport/enabling-big-data-by-removing-security-and-compliance-barriers.html
To register for the related webinar on June 18, visit: https://www.sans.org/webcasts/big-data-identifying-major-threats-removing-security-compliance-barriers-100092
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of training and certification to professionals at governments and commercial institutions worldwide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 27 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)
Cloudera is revolutionizing enterprise data management by offering the first unified Platform for big data, an enterprise data hub built on Apache Hadoop. Cloudera offers enterprises one place to store, access, process, secure, and analyze all their data, empowering them to extend the value of existing investments while enabling fundamental new ways to derive value from their data. Cloudera's open source big data platform is the most widely adopted in the world, and Cloudera is the most prolific contributor to the open source Hadoop ecosystem. As the leading educator of Hadoop professionals, Cloudera has trained over 40,000 individuals worldwide. Over 1,700 partners and a seasoned professional services team help deliver greater time to value. Leading organizations in every industry plus top public sector organizations globally run Cloudera in production.
Connect With Cloudera
Follow us on Twitter: http://twitter.com/cloudera
Visit us on Facebook: http://www.facebook.com/cloudera
Join the Cloudera Community: http://cloudera.com/community
Cloudera, Cloudera's Platform for Big Data, Cloudera Enterprise Data Hub Edition, Cloudera Enterprise Flex Edition, Cloudera Enterprise Basic Editionand CDH are trademarks or registered trademarks of Cloudera Inc. in the United States, and in jurisdictions throughout the world. All other company and product names may be trade names or trademarks of their respective owners.