Agenda 4/21/ Big Data Level Set 2. Who are we? 3. What do we do? 4. What have we done so far? 5. What are we working on? 6.

© Cloud Security Alliance, 2015

Wilco van Ginkel, Co-Chair BDWG

Agenda

© Cloud Security Alliance, 2015

1. Big Data Level Set

2. Who are we?

3. What do we do?

4. What have we done so far?

5. What are we working on?

Big Data Level Set

© Cloud Security Alliance, 2015

© Cloud Security Alliance, 2015.

• ‘Word on the street’

• Sliding window

• Dimensions don’t always expand in the same directions. Examples:

• Twitter feeds (small data, but very high velocity)

• Hubble Telescope pictures (large pic, but low volume)

What’s next in BD?

•Fast data (e.g., IoT) •Climb up the BD stack

•Visualization

•Applying BD techniques to ‘Dark Data’ (e.g., Ayasdi)

•And much more…

© Cloud Security Alliance, 2015.

BD Security… Yeah, what

about it?

© Cloud Security Alliance, 2015. Source: Verizon Big Data White Paper “How to thrive on the frontiers of data”

• Internal • External • Owned, subscribed, bought • Format • Governance • Data silos • Storage infrastructure • Data Scientists • Predictive • Prescriptive • Visualization • Think different

• Not always why

• Plug information in business process

• Actionable

Big Data Life Cycle

© Cloud Security Alliance, 2015.

Still need to balance

Risk Profile Security Requirements (CIAA) Business Requirements

© Cloud Security Alliance, 2015.

And also ensure data qualities

Source: ISACA White Paper “Big Data – Impact & Benefits”, March 2013

© Cloud Security Alliance, 2015.

Can’t we just use

current security

controls

and

standards

?

Change of playing field…

•New Paradigm/Technology

•The Big Data V’s Data Explosion

•Cloud: cheap & easy access to compute & storage •Data on the go Mobility all the way

•Data without borders

•Difference in international legislation

•…

© Cloud Security Alliance, 2015.

So, there is work to do…

Nice to meet you!

© Cloud Security Alliance, 2015

Who are we?

•Started April 2012

•Focus on Big Data Privacy & Security

•Different Initiatives/sub working groups •Works together with other orgs, like NIST •Leadership team:

•Chair - Sree Rajan, Fujitsu

•Co-Chair - Wilco van Ginkel, Verizon

•Co-chair - Neel Sundaresan, Ebay

Our Journey

© Cloud Security Alliance, 2015.

•Develop best practicesfor securityand

privacyin big data

•Supportindustry and government on

adoptionof best practices •Establish liaisonswith other

organizationsin order to coordinate the development of big data security and privacy standards

•Acceleratethe adoptionof novel

researchaimed to address security and privacy issues

Focus areas

© Cloud Security Alliance, 2015.

Security Analytics

Cryptography and Privacy Technologies Infrastructure Security

Privacy, Policy, Governance and Legal Issue

What have we done so

far?

© Cloud Security Alliance, 2015

The Top Ten

© Cloud Security Alliance, 2015.

November 2012 April 2013

© Cloud Security Alliance, 2014.

© Cloud Security Alliance, 2015.

Use Case(s)

Modeling

Analysis

Implementation

Big Data Analytics Report

© Cloud Security Alliance, 2015. September 2013

https://cloudsecurityalliance.org/download/big-data-analytics-for-security-intelligence/

© Cloud Security Alliance, 2015.

Examples WINE Platform BD Analytics for Security Botnet monitoring APT Detection

The Top Ten Crypto Challenges

© Cloud Security Alliance, 2015. March 2014

https://cloudsecurityalliance.org/download/top-ten-challenges-in-cryptography-for-big-data/

Big Data Taxonomy

© Cloud Security Alliance, 2015.

Source: www.arthursclipart.org

Big Data Taxonomy

© Cloud Security Alliance, 2015. September 2014 https://cloudsecurityalliance.org/download/big-data-taxonomy/

© Cloud Security Alliance, 2015.

Other initiatives

© Cloud Security Alliance, 2015

BDWG Other Initiatives

•We provided input for the upcoming NIST Big Data Standard. •We provided comments to the White House Request for

Comment on Big Data Privacy. Check out:

https://cloudsecurityalliance.org/download/big-data-big-concerns-and-what-the-white-house-wants-to-do-about-it/

•Lots of media interviews. Particularly after we have published a deliverable ☺

What is next?

10 Sections

1. Secure Computations in Distributed Programming Frameworks

2. Security Best Practices for Non-Relational Data Stores

3. Secure Data Storage and Transactions Logs

4. End-point Input Validation/Filtering

5. Real-Time Security/Compliance Monitoring

6. Scalable and Composable Privacy-Preserving analytics

7. Crypto-Enforced Access Control and Secure Communication

8. Granular Access Control

9. Granular Audits

10.Data Provenance

© Cloud Security Alliance, 2015.

Help needed…

1. Secure Computations in Distributed Programming Frameworks

2. Security Best Practices for Non-Relational Data Stores

3. Secure Data Storage and Transactions Logs

4. End-point Input Validation/Filtering

5. Real-Time Security/Compliance Monitoring

6. Scalable and Composable Privacy-Preserving analytics

7. Crypto-Enforced Access Control and Secure Communication

8. Granular Access Control

9. Granular Audits

10.Data Provenance

How to get involved?

© Cloud Security Alliance, 2015.

•CSA Big Data Working Group Site:

https://cloudsecurityalliance.org/research/big-data/

•CSA, Big Data LinkedIn:

http://www.linkedin.com/groups?home=&gid=4458215&trk=anet_ug_hm

•Basecamp Project Collaboration Site Request Form https://cloudsecurityalliance.org/research/basecamp/

•For any questions/remarks/feedback, please contact either:

Who How

Sreeranga (Sree) Rajan (Fujitsu) sree@us.fujitsu.com Wilco van Ginkel (Verizon) wilco.vanginkel@verizon.com Neel Sundaresan (eBay) nsundaresan@ebay.com

?

?

_?