Home >> Insights  >>

Big Data Is Here: So Are The Data Gladiators

by Dinesh Pillai, CEO, Mahindra SSG December-2015

As millions of young, urban Indians joined hands a couple of months back to send out their views to the telecom regulatory authority of India (TRAI) on net neutrality, they were taken aback feeling awkward, the authority accidently released the list of more than 1 million email IDs of people who had responded to its request for suggestion on net neutrality. There were plenty of explanations being provided by the authorities but it made the insensitivity about handling big data very clear. While sitting on petabytes of data, organizations all over the world have not been able to acquire the appropriate skills and resources to handle this asset with safety. In other words, zeroing in on an information security analyst who has data discovery experience to take on the potential data intrusion threats is like wishing for the moon. No wonder man almost does not exist.

Before we dive deep into data security challenges, let us understand what it stands for. With rapid growth in businesses driven by information, organizations now are faced withhigh-volume, high-momentum, and diverse information assets. These assets are leveraged by the organizations to generate cost-effective, unique, and useful information for enhanced insight and decision making. A simple example of this is Facebook. Its 1.44 billion monthly active users (As of March 2015) make arguably world's largest database of personal information. Various brands seek Facebook's services to target their potential customers on social media.Moreover, an estimate by Reuters suggest that the quantum of digital data in the world will grow at an exponential rate of 35% CAGR for the next 5 years to touch approximately 35 zettabytes in 2020 from its current levels of 8 zettabytes. Mobile technologies, social media and ever evolving internet business models have fuelled this evolution so far and Internet of Things (IoT) promises to take this to unimaginable levels. Such a quantity of data comes with its inherent risks.

Consider this- In 2013 during the holiday shopping season, Target Corporation accepted that a virtual attack on its data centre had let out the details of at least 40 million credit cards. The company suggested that this may have further results in threats like misuse of personal information, i.e., email addresses and telephone numbers of about 110 million subscribers of credit cards. Such incidents are not merely limited to financial information but are prevalent across industries such as healthcare, hospitality, public services, and retail et al to name a few. This means that the businesses willing to leverage the data heaps owned by them will have to up the ante against the cyber burglars whoare equally sophisticated and able to exploit the smallest gap in the security system of the data centres. The CIOs, which were once seen as go to men for system installation, and making recommendations on IT infrastructure, have to become information security watchdogs.

Herecomes another challenge- the skill gap. Conventional CIOs may take time to evolve before they can shoulder the responsibility of a system security analysts and the new breed hasn't really been sown. According to McKinsey's report, "Big data: the next frontier for innovation, competition and productivity", there are numerous security risks that need to be addressed by the companies and policy makers before they may fully utilize the potential of big data. Only in the U.S., there is a shortfall of about 140,000 to 190,000 people who can understand the potential system security threats, can deal with big data, and have managerial experience with security analytics. To extrapolate this data for the rest of the world, by 2020, we may require close to 5 million information security analytics professionals-A number which looks remote considering the present state. The concoction of data science, machine learning, statistics savvy, multi-level modelling expert, multi-lingual programming freak, and a sensible social scientist cum psychologist is rare, if not impossible. Even if we get all these skills, does that golden angel understand the business which is hiring him?
So, what skills these data security analysts have and how do they help the organizations?

1. Security Domain Expertise: For keeping sensitive, big data safe and effective, it is important to marry the understanding about data with security domain expertise. With the fact that data security threat can come from virtually anywhere, data security experts need not merely look for the technical knowledge but also the IT laws, various industry trends, modes of attack, and psychology of the intruder who has tackled the data . Unlike, the intensely focussed information experts of 90s, today's data security experts need to touch upon a broad range of social sciences, legal, and technical acumen.

2. Data Science Expertise: In vanilla term, data science means mining information out of raw data. Someone who is working for the security of an asset should essentially know how valuable the asset is. In this sense, the data security expert needs to know the relevance of the data from business perspective, the stakes associated with it, and how it can be misused by an intruder. The ability to apply analytical tools to petabytes of data to derive insightful information about a probable attack is the X factor needed in a data security analyst.

3. Storm Expertise- As it is said, "the more you sweat in peace, the less you bleed during the war". Hence, the data security analyst should have the experience to map the areas of threat and the sequence of a potential attack. This skill is a function of experience gained over the years. Understanding the human psychology and behaviour, core business, and the industry trends enables the security expert to where the next can or intrusion comes from. This mapping is not a one- time process but should continue on real time basis.

4. Curious Explorer- The more one knows about the data, the remains due for discovery. Asking the right questions to the stakeholders and converting their responses into data security actions is an important key to success for a data security analyst. There may be times when the stakeholders refrain from sharing certain insights. Hence, understanding of the organizational culture is another important attribute of the data security analyst.

5. Managerial Skills- Despite all the deliberations, there is bound to be times when an unscrupulous attempt to enter into your data nest succeeds. In such case, evaluation of the impact incident, highlighting the lessons learnt, and planning the way forward are the managerial responsibilities of a data security analyst.

Despite all the investments, the companies may not see an immediate emergence of the new breed of gladiators. The evolution will be incremental and may even take a decade before the businesses can handle big data with bigger confidence. And for sure, data security analyst has a great role to play for the businesses of the future.