'Big security' a natural, necessary extension of big data

By Bernard Golden, CIO |  Big Data, big data, security

That's not enough. In the future, we'll need to be able to subscribe to security services that can analyze an environment, calculate what security measures need to be applied and automatically implement them. Just as manufacturing has outstripped human's ability to perform the same functions manually (think chip manufacturing), so too will information system security outstrip human ability to comprehend the environment's complexity.

The very human tendency to insist upon and only trust that which has been evaluated and implemented by a manual configuration will be overwhelmed by the scale of the need. Those who remain committed to manual security practices will find themselves vulnerable.

Learning. Of course, the security system will need to constantly evaluate what kind of interaction is going on in the environment and applications it is monitoring and tune its behavior accordingly. Again, waiting for humans to examine, comprehend and configure new practices just won't work in this environment. Lest you think this couldn't happen, look at credit card rating and fraud systems. That's all artificial intelligence, with reactions based on the system tracking behavior and modifying its rules as more behavioral data accumulates.

Policy-based, not configuration-based. The role of security administrators will be to define the appropriate security stance of the organization for which they work, capture it in policy and make those policy rules available to the security system. Trying to modify thousands of configuration settings manually will be well beyond anyone's competence. We will need to look to humans to define the desired outcomes and leave the method by which those outcomes are accomplished to the security software.

Tips: Cloud Security: Ten Questions to Ask Before You Jump In

Again, one of the most pressing issues regarding this will be the very human temptation to check on the system's configuration decisions. Should someone intervene in the security configuration process, the likely outcome will be a reduction in overall security.

Naturally, most people's reaction to the ideas discussed here will be disbelief. Most will dismiss it as unrealistic, or too riven with problems both technical and cultural, to ever come about. On the other hand, if you had told almost anyone a decade ago that autonomous cars would be driving around in 2012, people would have laughed at you. Now driverless cars are legal in Nevada. The lesson here: This is moving much more quickly than anyone can imagine, and "big security" is in fact on the horizon.


Originally published on CIO |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness