Big Data: Is Our Security Keeping Pace?
Presented at the 2014 Gravitec Store Location Conference by James Puffer
Last December Target was hacked for 40 million records
In January Target reports another hack for 70 million records
Total hack: 110 million records!
Was this done by a global cybercrime group? … or by one employee making a bad choice?
Edward Snowden
He worked for the CIA and then NSA and leaked thousands of classified documents to media outlets.
The documents showed details of a global surveillance program, especially the mass collection of phone data.
Robert Gates: “He’s a traitor that should face the music.”
SXSW Festival: “He’s a whistleblower and a hero.”
You think we’re divided on this issue?
These Two Incidents Raise Questions About:
► What data are being collected?
► How are the data being collected?
► How are the data being used?
► How secure (private) are the data?
How can we deal with all of this information responsibly?
Objectives:
Better understand the complex issues of big data security and privacy
Make better personal decisions about personal data
Implement better corporate policies regarding collection, use and safeguard of customer data
Overall goal: Produce better, pro-active solutions
Why is This Important to Us?
Because all of us are tangled up in big data at every level:
We are collecting data
Our data are being collected
We are using BIG DATA in one way or another
Our privacy and confidentiality are at risk
Each of us has a LOT to gain … or lose!
The Current Situation: More Data!
How much is too much?
What data should NOT be collected?
What techniques of collection step over the “line”?
What kinds of analysis are out of bounds?
Security is not improving as fast as hacking.
We are allowing technology to drive our boundaries!
Are We Headed Towards “Impossible Privacy”?
Case: Who Has Your Social Security Number?
Social Security Administration
Your bank
IRS
Your retirement accounts
Your insurance companies
Your credit card companies
Your mortgage company
Law enforcement?
Your health care providers
Your spouse, kids?
? ? ?
Your employer
Are We Headed Towards “Impossible Privacy”?
Another Case: Google
Google has every single email you ever sent using Gmail. They have it stored, indexed, and they have built models of your behavior.
Yahoo and Facebook have been doing similar things.
How secure do you feel?
Are We Headed Towards “Impossible Privacy”?
“Pretty Sure?” Really?
Why is This Important to Us Professionally?
Professional information is being collected about you, much more than you think, probably more than you would approve.
What are the corporate risks?
Your company’s data collection and security will affect customer perception.
Company data collections are hackable:
Store designs
Prospective sites
Sales history
Consumer/loyalty data
Forecasting models and casing data
Employee data
Understanding Data Context
Data fields have privacy context
Data fields have utility context
Data analysis has context
The IRS can collect my SSN, but not a grocer.
My photo has great value for my passport, but not for Amazon.
Use my purchase history to generate relevant coupons, but not for determining price.
Understanding Data Context
1. Data fields have privacy context
Collecting with permission: customer addresses, phones, purchases, IRS data, medical info (at health provider), banking, schools.
Collecting with “sort of” permission: Internet visits (cookies), credit history, security cameras, satellite imagery, unreadable EULAs.
Collecting without permission: NSA’s PRISM program, viruses, worms, key logging, store casings, drones, smart phones, tablets, hacking, purchases of data from other sources.
Understanding Data Context
2. Data fields have utility context
Wide Utility: customer addresses, phones, email addresses, purchases, EULAs, demographics.
Medium Utility: Internet visits (cookies), credit card info, security cameras, satellite imagery, store casings, credit history, SSN.
Narrow Utility: NSA’s PRISM program, key logging, drones, medical information.
Understanding Data Context
3. Data analysis has context
The Data Rubik Cube
Privacy
Utility
Analysis
Big Data and Security Topics
● The Best Security
● Biometrics
● Hacking
● The “Cloud”
● Wireless Data & Encryption
● Social Networks
Big Data and Security Topics
The Best Security
Starts with a really good plan
Incorporates multiple tiers
Utilizes best technology like firewalls, encryption, etc.
Emphasizes well-trained employees
Multiple recovery plans, rehearsed
Well-defined accountability
Still, there are random influences: No security is perfect
Lavabit had a special secure email with 2,500 character encryption. NSA sued to get the key, and they won. Instead of turning over the key, Lavabit folded.
Big Data and Security Topics
Biometrics
Legal status of gathering and using biometrics is unclear.
Police started using biometrics in 2011 to recognize offenders.
DNA databases and recognition are far more common.
FBI is building next generation database with fingerprints, iris scans, palm prints, voice data and facial recognition.
NYC “Domain Awareness System” has 3,000 cameras that can recognize and track people and cars.
Who owns your biometric data?
It’s easy to replace a stolen credit card, but how about fingerprints or DNA?
Big Data and Security Topics
Hacking
A Brief History:
In the “early days” hacking was a hobby that could get a little cash or mail-order item.
Hacking moved to larger scale, getting lots of info and selling it.
Hackers then built great software for sale.
Now hackers can make a great living hacking for government covert ops, e.g. Snowden’s TAO.
Remember when hackers were criminals?
Big Data and Security Topics
Hacking
Hacking is not a hobby: it is a profession with specialties and a very good income.
Nearly every home computer has been hacked.
Hacking technology is never very far behind security, and it always catches up quickly.
Many governments are very active hackers:
The STUXNET virus disrupted Iran’s enrichment program.
The Chinese government has a hacker building.
The “Cloud”
Definition: Expandable storage on network servers.
No cloud: Storage is duplicated on every device.
The “Cloud”
Definition: Expandable storage on network servers.
Using the cloud: One copy serves every device.
This kind of storage encourages you to buy more devices from the same manufacturer.
“The cloud” or “the leash”?
The “Cloud”
Many companies offer free cloud storage: up to 10 Gb.
You could buy a 1Tb drive for less than $100.
That makes 100 “gifts” of storage for $1 each.
If all your pictures, music, data, books are in the cloud, you could use up your wireless data limit quickly.
Apple and Microsoft are really pushing cloud storage, beginning to limit non-cloud choices.
Apple devices will now only sync contacts wirelessly
Microsoft requires CloudDrive account to get apps.
The “Cloud”: The Risks
Internet security breaches happen often.
If the server goes down, your devices can’t access data. (Both Amazon and Gmail have gone dark).
Lack of access if you have no Internet access.
Syncing and redundancy bugs are common.
If a hacker gets your password, you may be locked out of all your devices.
Your security is only as good as the weakest link in the chain.
Wireless Data and Encryption
Includes: cell phones, tablets, laptops, desktops, car systems, security cameras, printers, headphones, speakers, mice and keyboards, GPS, gaming systems, pet training, musical instruments, RFID devices, walkie-talkies, marine radios, fans, air conditioners, heaters, lights, door locks, smoke alarms, garage door openers, …
Scrappy remote control garbage disposal.
Wireless Data and Encryption
Most wireless data is secure (encrypted), but data are almost never encrypted entirely from start to end-point.
That makes data susceptible to “man-in-the-middle” attacks.
If the computer on either end is compromised, then encryption keys can be stolen, as well as data.
Some magnetic things can be sensed from a distance.
Some companies have helped NSA get past their own encryption technology.
Wireless Data and Encryption
Snoopy Drone: Can move around and pinch data from your smart phone or tablet without you even being aware of what’s happening.
Which is scarier?
The fact that we have the technology to do this?
The fact that the manufacturer shows it openly and has demonstrated its abilities to the media?
Social Networks
(Or How to be Stupid With a Lot of Company)
The NSA is able to access most using a “back door” technique.
Digital wiretapping is easy and allows access to every keystroke.
Most photos from phones are now geo-tagged.
Just assume that everyone has (or will have) access to everything you do on a social site.
Also assume that anything you give anyone will eventually be uploaded to a social site for everyone’s access.
The Future: Option-1
We allow technology to continue without data boundaries, never completely aware of what data are collected, how they are collected, or how they are used. We allow consumer reactions to provide controls.
There are lots of companies that remove consumer reactions!
The Future: Option-2
We get more alert and aggressive with our understanding and react quickly to create boundaries.
This is absolutely necessary, but not enough.
This would be entirely reactive, not proactive.
Consumers rarely have the complete picture.
Example: The new iPhone has a million permission switches for your phone apps.
That looks good for Apple, but do you really know what the phone is doing?
The Future: Option-3
We begin to anticipate the direction of data collection and use, and we create the boundaries before technology arrives at those points.
Can we make laws that require data reporting, perhaps including data licensing and annual reports, similar to the SEC?
Can we make laws that limit the type of data collected based on its eventual purpose?
Both of the above ideas would rely on very heavy consequences for violations, including government agencies.
We need to carefully define data ownership at the source, and “data theft.”
The Perfectly-secure Computer