New big data-oriented network security solutions drill down to the device level and automatically enforce policy related to that particular device. In the past, networks would have had to rely on humans to enforce this.
Networks that are able to support any device will need data-based device-level security. And for doubters who think BYOD is akin to
network anarchy and think no unauthorized device can ever be allowed on the network, McGee has a warning:
“It's probably already happened and you just don't know it yet,” he says.
A recent Amdocs survey of service providers around the world found that most respondents feel that security is the biggest challenge to their business customers’ BYOD initiatives. 73 percent of
North American service providers, 75 percent of EMEA providers, 88 percent of CALA respondents and 50 percent of APAC service providers reported being worried about BYOD security. Big Data
device-level security solutions are the answer to that problem.
Toxic Data
With the massive amounts of data generated and stored in a Big Data environment, it's important to differentiate the various security threat levels particular to the type of information it
contains. In the Forrester report, “The Future Of Data Security and Privacy: Controlling Big Data,” analyst and author John Kindervag identifies some data as “toxic.”
“Toxic data is any data that could be damaging to an organization if it leaves that organization’s control,” Kindervag says. “Typically, toxic data includes custodial data — such as credit card
numbers, personally identifiable information (PII) like Social Security Numbers, and personal health information (PHI) — and sensitive intellectual property, including business plans and product
designs.” Then, there is the data that networks have, but do not own, like customer billing data. Kindervag recommends a big data scheme that recognizes these varying levels of necessary data
security and creates silos accordingly.
So Many “Ways In”
“Typical threats include denial of service (DoS) or distributed denial of service (DDoS) attacks where target servers are overwhelmed with gratuitous traffic aimed at them in order to cause
service disruption,” Johnnie Konstantas, Director of Product Marketing for Juniper Cloud Security, says. “Other threats include malware and viruses embedded in
legitimate application streams like database traffic or social media, and infections of mobile devices like smart phones and tablets which can then be used as launching pads into the
network so that valuable data can be exfiltrated.”
Konstantas adds that security starts with monitoring all of the ways data can get “in” the network. The most common of these are:
- Mobile devices: malware for Android and all things "device" abounds. Monitoring these for "bad" apps and unwanted access as well as controlling their
authorization on the network is key.
- Data center perimeter: network firewalls have always been the first line of defense here, but the proliferation of attacks requires high-performance devices
that can handle automated attack attempts while allowing legitimate traffic to flow without disrupting business.
- Web servers: the latest data breach reports show that the vast majority of attacks are launched against web traffic and servers. When it comes to
protecting them, no number of measures and countermeasures is too many.