© Cloud Security Alliance, 2015 - Wilco van Ginkel, Co-Chair BDWG

Post on 21-Jan-2016



BDWG Overview

Wilco van Ginkel, Co-Chair BDWG


Agenda

1. Big Data Level Set

2. Who are we?

3. What do we do?

4. What have we done so far?

5. What are we working on?

6. Q&A


Big Data Level Set


• ‘Word on the street’
• Sliding window
• Dimensions don’t always expand in the same directions. Examples:
  • Twitter feeds (small data, but very high velocity)
  • Hubble Telescope pictures (large pic, but low volume)

• Is Unstructured Data really unstructured?

Value…Veracity (accuracy)

What’s next in BD?
• Fast data (e.g., IoT)
• Climb up the BD stack
• Visualization
• Applying BD techniques to ‘Dark Data’ (e.g., Ayasdi)
• And much more…


BD Security… Yeah, what about it?


Source: Verizon Big Data White Paper “How to thrive on the frontiers of data”

• Internal
• External
• Owned, subscribed, bought

• Format
• Governance
• Data silos
• Storage infrastructure

• Data Scientists
• Predictive
• Prescriptive
• Visualization
• Think different
• Not always why

• Plug information in business process
• Actionable

Big Data Life Cycle


Still need to balance

• Risk Profile
• Security Requirements (CIAA)
• Business Requirements


And also ensure data qualities

Source: ISACA White Paper “Big Data – Impact & Benefits”, March 2013


Can’t we just use current security controls and standards?

Well, Yes and No…

Change of playing field…
• New Paradigm/Technology
• The Big Data V’s Data Explosion
• Cloud: cheap & easy access to compute & storage
• Data on the go Mobility all the way
• Data without borders
• Difference in international legislation
• …


So, there is work to do…


Nice to meet you!

Who are we?
• Started April 2012
• Focus on Big Data Privacy & Security
• Different Initiatives/sub working groups
• Works together with other orgs, like NIST
• Leadership team:
  • Chair - Sree Rajan, Fujitsu
  • Co-Chair - Wilco van Ginkel, Verizon
  • Co-Chair - Neel Sundaresan, eBay


Our Journey
• Develop best practices for security and privacy in big data
• Support industry and government on adoption of best practices
• Establish liaisons with other organizations in order to coordinate the development of big data security and privacy standards
• Accelerate the adoption of novel research aimed to address security and privacy issues


Focus areas

Security Analytics

Cryptography and Privacy Technologies

Infrastructure Security

Privacy, Policy, Governance and Legal Issue

Framework and Taxonomy


What have we done so far?


The Top Ten

November 2012 April 2013

https://cloudsecurityalliance.org/download/top-ten-big-data-security-and-privacy-challenges/

© Cloud Security Alliance, 2014.


Use Case(s)

Modeling

Analysis

Implementation


Big Data Analytics Report

September 2013
https://cloudsecurityalliance.org/download/big-data-analytics-for-security-intelligence/


Examples

WINE Platform

BD Analytics for Security

Botnet monitoring

APT Detection


The Top Ten Crypto Challenges

March 2014

https://cloudsecurityalliance.org/download/top-ten-challenges-in-cryptography-for-big-data/


Big Data Taxonomy

Taxonomy = “The science or practice of classification”

Source: www.arthursclipart.org


Big Data Taxonomy

September 2014
https://cloudsecurityalliance.org/download/big-data-taxonomy/


Other initiatives

BDWG Other Initiatives
• We provided input for the upcoming NIST Big Data Standard.
• We provided comments to the White House Request for Comment on Big Data Privacy. Check out: https://cloudsecurityalliance.org/download/big-data-big-concerns-and-what-the-white-house-wants-to-do-about-it/
• Lots of media interviews. Particularly after we have published a deliverable


What is next?

10 Sections
1. Secure Computations in Distributed Programming Frameworks
2. Security Best Practices for Non-Relational Data Stores
3. Secure Data Storage and Transactions Logs
4. End-point Input Validation/Filtering
5. Real-Time Security/Compliance Monitoring
6. Scalable and Composable Privacy-Preserving analytics
7. Crypto-Enforced Access Control and Secure Communication
8. Granular Access Control
9. Granular Audits
10. Data Provenance


Help needed…
1. Secure Computations in Distributed Programming Frameworks
2. Security Best Practices for Non-Relational Data Stores
3. Secure Data Storage and Transactions Logs
4. End-point Input Validation/Filtering
5. Real-Time Security/Compliance Monitoring
6. Scalable and Composable Privacy-Preserving analytics
7. Crypto-Enforced Access Control and Secure Communication
8. Granular Access Control
9. Granular Audits
10. Data Provenance


How to get involved?
• CSA Big Data Working Group Site: https://cloudsecurityalliance.org/research/big-data/
• CSA, Big Data LinkedIn: http://www.linkedin.com/groups?home=&gid=4458215&trk=anet_ug_hm
• Basecamp Project Collaboration Site Request Form: https://cloudsecurityalliance.org/research/basecamp/
• For any questions/remarks/feedback, please contact either:

Who | How
Sreeranga (Sree) Rajan (Fujitsu) | sree@us.fujitsu.com
Wilco van Ginkel (Verizon) | wilco.vanginkel@verizon.com
Neel Sundaresan (eBay) | nsundaresan@ebay.com
