Big Data: Answering Questions and Solving Society’s Problems, but at What Cost? John Howie www.cloudsecurityalliance.org.
Download ReportTranscript Big Data: Answering Questions and Solving Society’s Problems, but at What Cost? John Howie www.cloudsecurityalliance.org.
Big Data: Answering Questions and Solving Society’s Problems, but at What Cost? John Howie www.cloudsecurityalliance.org Chief Operating Officer, Cloud Security Alliance Visiting Research Professor and Research Associate, University of Arizona Visiting Professor, Edinburgh Napier University Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org • Big Data Example • The Rise of Big Data • Explosion of Data Sources • Privacy Impact • Government use of Big Data? Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org Global, not-for-profit organization Building security best practices for next generation IT Research and Educational Programs Cloud Provider Certification User Certification Awareness and Marketing The globally authoritative source for Trust in the Cloud “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.” Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org Founded in 2009 Membership stats as of Feb 2013 44,000 individual members, 66 chapters globally 145 corporate members Major cloud providers, tech companies, infosec leaders, governments, financial institutions, retail, healthcare and more Offices in Seattle USA, Singapore, Heraklion Greece Over 30 research projects in 25 working groups Strategic partnerships with governments, research institutions, professional associations and industry Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org Big Data Identifying scalable techniques for data-centric security and privacy problems Lead to crystallization of best practices for security and privacy in big data Help industry and government on adoption of best practices Establish liaisons with other organizations in order to coordinate the development of big data security and privacy standards Accelerate the adoption of novel research aimed to address security and privacy issues Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org Target assigns every customer a Guest ID number, tied to their credit card, name, or email address that becomes a bucket that stores a history of everything they’ve bought and any demographic information Target has collected from them or bought from other sources. Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org Kryder’s Law By 2020, 2.5” drive with 14TB storage will cost $40 Disk Storage has kept pace with Moore’s Law Moore’s Law Most people consider it to mean that computing power will double every two years Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org It is now cheaper to keep data than to delete it Increase in processing power allows us to analyze stored data in ways not done before You can use cloud computing to get (cheap) access to storage and processing power Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org US, UK and other governments are publishing tax-payer funded data Intended for use by researchers, application developers and others No barrier to corporate use Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org Immensely useful to sociologists and anthropologists today and in future Assuming data format can be understood Other researchers are finding use for datasets published by government Especially about government business transactions and interactions with citizens Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org Many companies sell data Risks are often underplayed (or misunderstood) Steps are taken to anonymize or pseudonymize identities with varying levels of success Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org 87% of Americans can be identified with three pieces of information: ZIP, DOB and sex Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org American Diabetes Association released figures this year Direct cost of diabetes in US was $245B in 2012 41% increase in five years from 2007 ($174B) Roughly 20% of healthcare spending Indirect cost of diabetes in economy was $68.6B What if Big Data could cut these costs? Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org Anonymization and pseudonymization strategies need to be closely examined Identification may be possible when datasets are combined Consent to release private data should be obtained first Problem is that consent is often implied in contract Preventing colocation of data will not prevent worst case scenarios Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org Causation versus correlation! Developers and managers without research experience may jump to conclusions Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org John Howie [email protected] [email protected] [email protected] Big Data Research available at: www.cloudsecurityalliance.org Copyright©©2013 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org www.cloudsecurityalliance.org Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org