#CyberFLASH: Data lakes mean a plunge into the security pool

storageMany organizations today are convinced that collecting and hoarding data is their future: Without big data, how can they get to know their customers (and potential customers).

So as the pool of data grows bigger, the need for a way to store it becomes bigger. Often firms have silos of data, but how can that be leveraged? Hence the data lake, a large store of raw data — often built around Hadoop or cloud storage — from which analysts can dip in and create data marts/warehouses. In theory there’s a saving because data doesn’t have to be transformed into familiar formats an organization uses.

But as an article on CSO Online reminds infosec pros, data lakes need securing. After all, what could be a sweeter target than all the valuable data in one place?

“The appeal of increased agility, reduced costs and removal of silos cause many organizations to jump head first into the data lake and ignore basic information governance best practices at their own peril,” Jonathan Steenland, principal at Zyston CISO Advisory Services, is quoted as saying.

That means the standard security strategies must be top of mind. But the article quotes a Gartner analyst saying many of the current data lake technologies on the market don’t have fine-grained security controls. Until then access management, encryption, and tracking of data throughout its lifecycle in the enterprise have to be the priorities of the CISO. The protection becomes even more sensitive if the data lake is in the cloud.

Read more here

#CyberFLASH: Should privacy by design be part of Canadian law?

gavel-stock-image-2Ann Cavoukian has long touted the benefits of “data privacy by design” and now the European Union has passed an overarching privacy law called the General Data Protection Regulation, which embeds that requirement.

The regulation comes into effect in 2018 in the EU. What is unusual about the regulation is that it applies to all EU member countries, replacing the separate privacy laws of each of its 28 countries.

Privacy by design was first developed by Cavoukian in the 1990s when she was privacy commissioner of Ontario. It is an approach to protecting privacy by embedding it into the design specifications of technologies, business practices, and physical infrastructures.

“That in itself is huge,” said Cavoukian, now the executive director of the Privacy and Big Data Institute at Ryerson University.

She was speaking on an International Association of Privacy Professionals panel last week in Toronto called “Privacy by design: How I learned to stop worrying and love disruptive technology.”

Even though privacy by design has been embraced globally for many years, the EU law is the first time it’s appearing in a statute.

Cavoukian noted that Canada’s privacy commissioner, Daniel Therrien, is also now asking if privacy by design should be embedded into Canadian law.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.