As companies grow, managing risks gets more complex

Size matters when it comes to security, according to Davi Ottenhelmer. Ottenhelmer, senior director of trust at EMC, titled his presentation at SOURCE Boston Wednesday, "Delivering Security at Big Data Scale," and began with the premise that, "as things get larger, a lot of our assumptions break."

The advertised promise of Big Data is that it will help enterprises make better decisions and more accurate predictions, but Ottenhelmer contends that is placing far too much trust in systems that are not well secured. "We're making the same mistakes we've made before," he said. "We're not baking security into Big Data we're expecting somebody else to do it later on." Ottenhelmer, who is completing a book titled,A "Realities of Big Data Security," said he does defense research, and focuses on avoidance and detection. "Avoidance is the best way to escape a damaging attack," he said. "You can move data centers at real-time speeds. You can keep the old one as honeypot, and just observe what's going on with it without causing any harm. Big Data allows it now more than ever."

[Related: Big data security, privacy concerns remain unanswered]

Detection, he said, is everywhere around us. At an event like the Boston Marathon, where catastrophic bombings occurred last year near the finish line, people taking pictures of their friends on their smartphones amounted to an ad hoc surveillance system. But he said the "sad reality" of Big Data systems, at least so far, is that analysts don't always, "pull back to look at the entire ecosystem" of information, and therefore don't get an accurate picture of a problem.

A simple example, he said, was UPS setting a "no left turn" policy for its drivers. "They said they could save a lot of fuel if they made no left turns. But really, the problem wasn't which way they were turning; it was that they were idling their engines waiting to turn. "If you step back and look at the real source of harm, you can deal with it," he said, but added that, again, size matters. "Our control systems, when we grow them, cause bigger problems," he said. This also means, "we are moving into a space where we have to manage risk at a scale we haven't seen." That requires intelligent analysis, he said. Without redefining controls and risks, enterprises will be stuck with a system like the nation's current traffic control system. "Stop lights are a really bad control system," he said, because it means millions of cars sitting at intersections, idling, even if no traffic is coming from either side.

"That's not intelligent control at scale. But now we are starting to have lights talking to one another, and cars talking to lights." The annual savings with a more intelligent control system, he said, would be 33 years of time, $8 million, and 27 fuel tanker trucks. When it comes to security, "simple checklists are good for simple things. But you need intelligent analysis for things that are more complex."

This story, "As companies grow, managing risks gets more complex" was originally published by CSO.

Insider Shootout: Best security tools for small business
Join the discussion
Be the first to comment on this article. Our Commenting Policies