By Dick Weisinger, on May 16th, 2012
The convergence of massive amounts of cheap storage, fast processors, and software algorithms like MapReduce are fueling the growth of Big Data technoogy. MapReduce is a computing framework that can distribute the processing of a problem described by very large datasets across many computers. Hadoop is an implementation of the MapReduce Algorithm that combines components of the Google File System (GFS) Hadoop’s and makes the software available via the free Apache license.
Hadoop has spawned a a major part of the Big Data industry. A recent CRN article reviews 11 new up-and-coming startups that have built their business plans around Hadoop. Hadoop has primarily been viewed as a tool to help in the computing and crunching of massive amounts of data to derive information and analytics.
Frank Ohlhorst, Senior Technology Editor at Ziff Davis Enterprise, points out that while Hadoop is an enabler of massive data crunching projects, it also can be viewed as an unstructured data storage platform. Ohlhost wrote that ”Hadoop solves the most common problem associated with big data: efficiently storing and accessing large amounts of data. The intrinsic design of Hadoop allows it to run as a platform that is able to work across a large number of machines that don’t share any memory or disks. With that in mind, it becomes easy to see how Hadoop offers additional value — network managers can simply buy a number of commodity servers, place them in a rack, and run the Hadoop software on each one.”
Hadoop brings new capabilities that standard centralized storage platforms can’t offer, like “fault-tolerant clustered architecture and the capability to move computing power closer to the data and perform parallel and/or batch processing of large data sets. It also provides an open ecosystem that supports enterprise architecture layers from data storage to analytics processes.”
By Dick Weisinger, on May 15th, 2012
Verizon has published for the fourth year in a row a comprehensive report on the state of data breaches. The report surveys the number and types of data breach incidents that occur and also provides useful information to both small and large organizations for how to better protect themselves from unauthorized entries and data loss. The report tallies 855 incidents in 2011 for a total of 174 million compromised records.
The Verizon report is long and detailed. A good starting point and summary of many of the findings from the report is the Securosis Blog which identifies five major trends discussed in the report:
- Small organizations tend to be hit hardest and the most frequent significant loss for the target organizations is credit card information
- Large organization have security in place to be resistant to the types of simplistic attacks that ensnare many smaller organizations, but because of their size, large organizations tend to be targets, and often-time victims, of much more sophisticated attacks
- Large organizations have been hit hardest by ‘Hactivism’ or mega-breaches accounting for the loss of large numbers of records
- The top three points for gaining unauthorized access are:
a. Remote access via channels like VPN and remote desktop
b. ’Backdoor’ exploits
c. Outward facing web applications
- Malware is involved with about two-thirds of exploits
Surprisingly, the Verizon report found that, as of yet, data breaches that exploit mobile access are still relatively insignificant in size, although this is likely to grow.
By Dick Weisinger, on May 14th, 2012
What you don’t know, or don’t investigate deeply enough, can hurt you. Especially when it comes to security controls for cloud computing. Many companies are entrusting highly sensitive and confidential data to the cloud, but they haven’t dug deeply enough into the security details of their cloud environment.
Chris Potter, PwC information security partner, said that “Businesses are putting their faith in third parties to take care of their data but many are taking a laissez faire attitude to the security element. Not only are they often completely leaving the security controls to third parties, they are not actually checking what controls those third parties have in place. Small businesses may think that because their data is being hosted by a large cloud provider that good security controls will be in place, but this isn’t necessarily the case. Companies should always check what security controls their providers are operating.”
When moving your data to the cloud, you should’t assume. More organizations are moving data into the cloud. PwC found that 73 percent of organizations use at least one outsourced cloud service. But only 38 percent of those organizations are encrypting the data that is being stored there. And 56 percent of organizations that host data in the cloud have never done any checks on the security provided by their vendor. Potter commented that “Rather than relying on contingency plans, organisations would be in a much more powerful position if they were to secure their data in the first place.”
Potter told InfoSecurity online journal that ”I think it comes down to two things. First, there’s a basic lack of understanding of some of the risks involved; and second, there’s an element of wishful thinking: if I haven’t been burnt, then I’m OK – maybe this security risk is all just hype… What happens is that when people see a shiny new toy, they go off and use it – but it’s only when they actually experience a major security breach in their organization that they stop to make the necessary security changes.”
