sequester encrypt isolate protect process for bigdatarevealed hadoop feb 2017


Upload: steven-meister

Post on 12-Feb-2017



You may never stop the hackers, but you can control what they steal

BigDataRevealed Discovers, Isolates PII Via Encryption within HDFS allowing timely remediation

The security of your data lake has taken center stage with BigDataRevealed’s Sequestering

Cyber-security has taken center stage. Even nations have used security lapses as a weapon against each other. And if you think it is limited to small outlying departments, you are wrong, with the Department of Defense, the Internal Revenue Service and the National Security Agency being on the list of successful security attacks. At the heart of these attacks is the capture of exposed personally identifiable information, or PII, which lends context to other information and provides lists that can be used by the press and others around the world. To help organizations protect the information contained in their data lakes, BigDataRevealed has enhanced their Intelligent Catalog with a Discover and Sequester (DAS) capability, where exposed PII data is identified, sequestered/encrypted and copied into your big data environment with no exposed PII columns. The data can then be safely reviewed in the big data environment using BigDataRevealed. We at BigDataRevealed believe this is the only fail-safe approach to protect the contents of your data lake. We also believe that the review process we have applied to remediate suspect PII lapses in your data is the first in the marketplace and a necessary step to protect what is commonly a high security risk.

If you think your data is immune from the security lapses that government and governmental agencies are prone to, think again. Hackers are busy devising interesting ways to gain access to your PII data. In a recent 2016 study conducted by Hewlett Packard Enterprise, over one third of the applications organizations use contain invitations to cyber-security attacks due to at least one critical or highly vulnerable security lapse.

The problem is much worse when you get to big data, which too often lacks even the most basic security controls. Recently, numerous organizations were the targets of malicious attacks that wiped the contents of their Hadoop environments, reminding the victims of the importance of protecting their data. The damage might become even more severe if the hackers corral identifying information to use for further attacks at a later date. A recent 2016 SANS Incident Response Survey of 591 organizations performed by the SANS Institute found that malware introduced as the means of entry for collecting PII is still the primary concern of companies. In the same survey, it was reported that 51% of attackers take advantage of weak or outdated authentication mechanisms. Unfortunately, the security framework in many organizations is sorely lacking in the big data environment. The 2016 SANS Incident Response Survey says “As organizations are reinforcing their teams and protecting their assets, they are also gaining better visibility and an understanding of the state of their networks. A majority of organizations, 87%, say they responded to at least one incident within the past 12 months. Of these incidents, only 59% resulted in at least one actual breach. Approximately 21% of organizations say they have responded to at least 100 incidents; however, only 4% of these incidents have resulted in actual breaches. Lastly, approximately 48% of respondents say they have investigated 25 incidents or less, with approximately 47% of those incidents resulting in an actual breach.”

BigDataRevealed believes this capability is sufficiently important to help early adopters enhance the protection of their data lakes with our DAS capabilities. We are able to demonstrate the capabilities made available by using our Intelligent Catalog delivered via a self-contained Virtual Machine Environment.

We are proud to deliver this capability, as we believe it is one of the most critical considerations of the big data environment now and in the years to come. Protection of data entrusted by customers, suppliers, vendors, partners and financiers is critical to the smooth execution of commerce in the digital economy, and we believe that BDR DAS addresses a critical need of the marketplace.


For those contemplating the implementation of the DAS capability, an overview of the protection process is as follows:

1. The BDR pattern discovery capabilities of the Intelligent Catalog are run to discover PII patterns.
2. The discovered patterns are matched against the false positive list to eliminate false positives.
3. A copy of the file containing suspect PII information is sequestered (encrypted) by column(s) or complete file and stored in its originating path/folder to not affect current processes.
4. The originating file with exposed sensitive information is then deleted.
5. Notifications of the sequestered file are dispatched.
6. The process of what is sequestered, encrypted and fixed is logged for analysis.
7. The cataloguing/metadata and encryption key are stored securely, not in HDFS.

For more information on how to be an early adopter of the BDR DAS facility contact BigDataRevealed.

ABOUT THE AUTHORS

Steven Meister is the president of BigDataRevealed, the vendor of the Intelligent Catalog. Steve can be reached at [email protected]. More information on the Intelligent Catalog can be found at http://www.bigdatarevealed.com

Mark Albala is the president of InfoSight Partners, the vendor of the Information Valuation Engine and an advisor on information economics. Mark can be reached at [email protected].

BusinessIntelli is the implementation partner of BigDataRevealed and provides technical services with their team of approximately 200 consultants. BusinessIntelli can be reached at [email protected]. http://www.businessintelli.com

© 2017 BigDataRevealed All rights reserved