The Term big data is used to denote the pictorial representations of the algorithms, system technologies designated and the collection of large amounts of data, which leads to the collection of these data using technologies of advanced analysis and parallel computation. The sources used in the collection of these big data associated includes the distributed multimedia sensors, communication devices, internet based applications and distributed business process. Due to the modernization of technologies, the various processes associated with big data are reaching a stage where the widespread adoption and development is achieved.
The following report discusses about the threats associated with the big data securities. The chosen organization is the European Union Agency for Network and Information Security (ENISA). The report also includes a layout of the security architecture of the ENISA. The report further discusses about the top threats and the threat agents associated with the organization. In addition, the report also discusses about the present architecture of the concerned organization as well as the processes that should be implemented it to provide better security benefits and enhanced features.
The European Union Agency for Network and Information Security (ENISA) is a centre currently involved in the information and network security associated with the European Union, private sector, states and the citizens of Europe. ENISA works to communicate the problems associated with the security among these provincial estates. It also helps the European Union states to develop the security legislation required to implement the network related and infrastructure related securities. ENISA also supports the development of cross-border communications by improving the security.
Overview of the case study:
In the report pertaining to the provided case study, ENISA discusses about the various threats related to the threats in the big data technology. In recent years, big data got much success in implementation by the businesses. It is supposed to be included in nearly all the aspects of businesses. The European Commission acknowledged the impact of big data in the economy of a data included sector (Big Data Threat Landscape and Good Practice Guide, 2016). The estimated growth of the personal data is expected to grow to €1 trillion by 2020. The big data technologies are also used in aspects of science and communications to help the sector achieve tremendous growth. In addition, the military aspects of a nation also utilize the use of big data technology to help achieve successful information.
Due to the large-scale adoption of the big data technologies in all aspects of the businesses, the threats and risks associated with this is also increasing. The unethical attackers are targeting the concerned companies or organizations due to their constant use of the big data technologies. Due to this increasing concentration of the attacks, the company remains to undisclose the source and the impact of the attack, which is still the reason for widespread negligence relating to unavailability of the required information. This report is concerned with the threat assessment structure followed by the ENISA. The main purpose is to provide the threat assessment depending on the specifics of the technology concerned.
The regulations of the ENISA legislature aims to deepen the research based on the emerging technologies of the big data and the threats or risks associated with the cyber security on these applications (John Walker, 2014). The main discussion of the regulations is to identify the current threats in the aspects of the cyber security and to apply the solutions in the technologies of big data. This will help mitigate the risks and threats involved.
The scope of the ENISA is to identify the risks and threats associated with the European Union and the other aspects. There is presence of many emerging technologies and the main scope of ENISA is to provide a detailed risk management methods. The main audience for the ENISA legislature is the big data providers and the aspects who want to adopt the big data technologies in their existing infrastructure.
Fig: Security infrastructure
(Source: Created by the author)
This section of the report discusses about the various threats identified by ENISA. These threats are to be addressed so that the mitigation in the most significant time is possible. In case of failure to these risks or threats can lead to disastrous threats including the loss of business in a major way. The threats and risk associated is divided into two different types, the big data leak and the big data breach. In case of the leak of big data, the information is not stolen but is disclosed (John Walker, 2014). However, the big data breach defines the unethical stealing of information in an attempt to get insights from the affected organization.
The unintentional damage or loss of information is one threat that is of concern. These groups of threats involved do not deliberately pose risks but the use of certain information can lead to negligence in operation, which can turn to information loss. The first threat under this group is the human error. This aspect is usually of high risk because of the presence of human errors. The threats present due to this are not a deliberate attack and rather accidental. Misconfiguration in the used system and poor skills of work are the most common cause of human errors. Another threat in this category is the presence of less secure APIs. As the big data systems are made using web technologies, the presence of unsafe APIs can lead to threats in the system involved (Lohr, 2012). The last threat identified in this group is the inadequate design methodologies used. The presence of new technologies is constantly being updated to the process of big data. The implementations are not always secure and the presence of threats is always evident.
The next group is the interception of information by the use of eavesdropping or hijacking. This is an unethical way to get resources without the knowledge of the affected user.
The next and the most significant threat is the nefarious activities or abuse. These threats involves the damage or changes in the infrastructure of the affected user. The use of special abilities or software is usually used to achieve this level of unethical use. The first threat is the identity fraud. This is occurred due to the use of big data technologies to store the personal information of the customers involved. The use of tools to affect the console of the stored information corresponds to granting of immediate access to the user information. This is a very important reason for the need of security enhancements in the area of big data applications or the closing of business is evident due to lack of customer trust. The next threat in this group is the distributed denial of service (DDOS) attacks (Lohr, 2012). These threats exploit the vulnerabilities in the system and make the unavailability of a core module from the system. These threats are to be addressed, as the presence of special modules in the system is required to fight these activities. The next threat is the use of software to gain entry into the system. The use of infecting software to inject codes or viruses and malware to get the desired information is the main scope of using these attacks. The next threats are the misuse of the auditing tools as the need for administrator access is important to get access. Attacks in these aspects can lead to grave dangers.
In addition, many threats are also included like the legal threats arising due to the violation in the regulatory laws and the organizational threats present due to the presence of skill shortage.
Among the threats discussed, the nefarious activities are the most significant as these threats are usually caused with an attempt to not only get information but also cause grave difficulties in business. These threats can lead to major disastrous activities and can lead to problems associated with the business.
Threat agents, impacts and threat probability:
The threat agents are those people who are associated with the development of a threat in the system. They are also sometimes associated with past threats and they are grouped under categories to identify them easily. The first agent is the other corporations who are responsible for the main competition in the market. Depending on their size and their hold in the market, they can pose many threats to the concerned corporation (Lohr, 2012). The probability of threat is usually very high as a company is always dedicated to their improvement and this creates the need to deform the competitors.
The next group of the attackers is the cyber terrorists and the cyber criminals. The criminals are usually in this aspect due to their target in financial gain from the corporation concerned. They are mainly categorized in a local or national level and sometimes international. However, the cyber terrorists are those individual who are concerned with the changes in the society and adopt unethical means (Chen, Chiang & Storey, 2012). Their intentions can be political or religious and their preferred targets are the health services or resource productions as their failure can lead to grave impacts. Their risk probability is very high.
The next agents are the script kiddies who use the programs or software made from others to make deformities in the system. Their impacts are not much as a large company is not impacted by small and petty individuals. Their threat probability is low.
The next agents are the social hackers who use the internet to drive context against the organizations. They are very dangerous as internet can be used to deform the public image of the concerned organization. Due to the presence of good customer services in nearly all organizations, the threat probability is medium.
The staffs, contractors and the operational staffs are also a threat agents as they have inside information relating to the company and can lead to problems in case of emotional instabilities.
The last threat agents are the national states as the use of cyber weapons can be used by them without notifying the concerned corporation. Their threat probability is medium, as this does not occur constantly. The threat probabilities in cases of the identified threats are listed below.
Fig: Threat probability of the agents
(Source: Big Data Threat Landscape and Good Practice Guide, 2016)
The improvements in the architecture include adoption of many technologies in the system to help facilitate the enhancement in the security. The different governing bodies like the COBIT 5 or the ISO made technical reports regarding the suggested improvements to be applied in the infrastructure. As the big data technologies involve the use of constant data retrieval from various aspects, the need for increased security is important (Big Data Threat Landscape and Good Practice Guide, 2016). The various threats discussed in the report can be improved by applying the proposed improvements.
Information leakage due to human errors can be improved by the application of cryptography in the process. This facilitates the entry to the system to registered users only. In addition, the use of encryption keys is also suggested for enhancing the security of the system. The leaks of data in web application and the inadequate designs also implement the use of cryptography to increase the level of protection in the system (Chen, Chiang & Storey, 2012). Along with this, the use of better security services and infrastructure is required to improve the system.
In cases of the eavesdropping and hijacking threat, the use of cryptography along with the network security management is used to enhance the threat in this section.
In the case of nefarious activities like the identity fraud, information classification is applied where the information will be given a layer of security like that provided in the private cloud. The DDOS attacks can be counter measured by the use of reverse techniques to fight them. Monitoring of traffic, rate limiting, ingress filtering are the common practices to protect a system from DDOS attacks. In addition, the malicious software use can be improved by improving awareness where the use of security features is to be implemented by the users and the customers.
The legal threats involve the usage of information on all the branches of the business. This creates a problem, which can be mitigated by data residency where the data pertaining to an area is not reflected manually in the other regions. This helps in doing business according to the area criteria. In addition, the skill shortage is to be addressed by better training and education along with the awareness in information security.
The current infrastructure is not up to the level needed for the improvements in the security level. This creates the presence of gaps in the system. The first gap present in the system is the data protection vulnerability. As big data is involved with the use of data mining, security is also to be referenced in that aspect as well (Big Data Threat Landscape and Good Practice Guide, 2016). The use of well-integrated software and hardware is to be used to address these vulnerabilities.
The next gap is cryptography as the use of it adds negative aspects to the performance of the system. The scalability of the system is also affected by the use of it as it adds a complex nature to the system.
The last gap is the lack of computing infrastructure as the big data vendors uses different versions and are not security efficient to the level needed. The lack of standards is another aspect faced by this gap.
Thus, it is concluded from the report that the use of big data is a great choice for the implementation of the services as required. The sources used in the collection of these big data associated includes the distributed multimedia sensors, communication devices, internet based applications and distributed business process. These sources are thus required to do business in a systematic process. However, the problems faced from the use of big data are also very grave. In case of any problem faced, the unethical use related to the use of big data can lead to disastrous effects. This security related features are to be enhanced so that the use of such technologies can be continued without the emergence of any problems.
Big Data Threat Landscape and Good Practice Guide. (2016). Retrieved from https://Big%20Data%20Threat%20Landscape.pdf
Boyd, D., & Crawford, K. (2012). Critical questions for big data: Provocations for a cultural, technological, and scholarly phenomenon. Information, communication & society, 15(5), 662-679.
Chen, H., Chiang, R. H., & Storey, V. C. (2012). Business intelligence and analytics: From big data to big impact. MIS quarterly, 36(4).
Dumbill, E. (2013). Making sense of big data.
Gantz, J., & Reinsel, D. (2012). The digital universe in 2020: Big data, bigger digital shadows, and biggest growth in the far east. IDC iView: IDC Analyze the future, 2007(2012), 1-16.
John Walker, S. (2014). Big data: A revolution that will transform how we live, work, and think.
Labrinidis, A., & Jagadish, H. V. (2012). Challenges and opportunities with big data. Proceedings of the VLDB Endowment, 5(12), 2032-2033.
Lazer, D., Kennedy, R., King, G., & Vespignani, A. (2014). The parable of Google Flu: traps in big data analysis. Science, 343(6176), 1203-1205.
Lohr, S. (2012). The age of big data. New York Times, 11(2012).
Marx, V. (2013). Biology: The big challenges of big data. Nature, 498(7453), 255-260.
Marz, N., & Warren, J. (2015). Big Data: Principles and best practices of scalable realtime data systems. Manning Publications Co..
McAfee, A., Brynjolfsson, E., & Davenport, T. H. (2012). Big data: the management revolution. Harvard business review, 90(10), 60-68.
Murdoch, T. B., & Detsky, A. S. (2013). The inevitable application of big data to health care. Jama, 309(13), 1351-1352.
Provost, F., & Fawcett, T. (2013). Data science and its relationship to big data and data-driven decision making. Big Data, 1(1), 51-59.
Swan, M. (2013). The quantified self: Fundamental disruption in big data science and biological discovery. Big Data, 1(2), 85-99.
Wu, X., Zhu, X., Wu, G. Q., & Ding, W. (2014). Data mining with big data. IEEE transactions on knowledge and data engineering, 26(1), 97-107.