By Troy Kitch-Oracle on Feb 26, 2015
"Let me begin with my vision of the FTC and its role in light of the emergence of big data. I grew up in a beach town in Southern California. To me, the FTC is like the lifeguard on a beach. Like a vigilant lifeguard, the FTC’s job is not to spoil anyone’s fun but to make sure that no one gets hurt. With big data, the FTC’s job is to get out of the way of innovation while making sure that consumer privacy is respected."
- Edith Ramirez, Chairwoman, Federal Trade Commission
Many large firms have found their big data projects shut down by compliance officers concerned about legal or regulatory violations. Chairwoman Hernandez highlights specific cases where the FTC has cracked down on firms they feel have violated customer privacy rights, including the United States vs. Google, Facebook, and Twitter. She feels that big data opens up additional security challenges that must be addressed.
"Companies are putting data together in new ways, comingling data sets that have never been comingled before," says Jeff Pollock, Oracle vice president for product management. "That’s precisely the value of big data environments. But these changes are also leading to interesting new security and compliance concerns."
- Ubiquitous and indiscriminate collection from a wide range of devices
- Unexpected uses of collected data, especially without customer consent
- Unintended data breach risks with larger consequences
Organizations will find big data experimentation easier to initiate when the data involved is locked down. They need to be able to address regulatory and privacy concerns by demonstrating compliance. This means extending modern security practices like data masking and redaction to the full big data environment, in addition to the must-haves of access, authorization and auditing.Securing the big data lifecycle requires:
- Authentication and authorization of users, applications and databases
- Privileged user access and administration
- Data encryption of data at rest and in motion
- Data redaction and masking for non production environments
- Separation of roles and responsibilities
- Implementing least privilege
- Transport security
- API security
- Monitoring, auditing, alerting and compliance reporting
Learn more about Oracle Security Solutions.