www.cloudsecurityalliance.org
John Howie
Big Data: Answering Questions and Solving
Society’s Problems, but at What Cost?
www.cloudsecurityalliance.org
Copyright © 2013 Cloud Security Alliance
About Me
Chief Operating Officer, Cloud Security Alliance
Visiting Research Professor and Research Associate, University of Arizona
Visiting Professor, Edinburgh Napier University
Overview
• Big Data Example
• The Rise of Big Data
• Explosion of Data Sources
• Privacy Impact
• Government use of Big Data?
About the Cloud Security Alliance
Global, not-for-profit organization
Building security best practices for next generation IT
Research and Educational Programs
Cloud Provider Certification
User Certification
Awareness and Marketing
The globally authoritative source for Trust in the Cloud
“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education
on the uses of Cloud Computing to help secure all other forms of computing.”
CSA Fast Facts
Founded in 2009
Membership stats as of Feb 2013
44,000 individual members, 66 chapters globally
145 corporate members
Major cloud providers, tech companies, infosec leaders, governments, financial institutions, retail, healthcare and more
Offices in Seattle USA, Singapore, Heraklion Greece
Over 30 research projects in 25 working groups
Strategic partnerships with governments, research institutions, professional associations and industry
Big Data Working Group
Big Data
Identifying scalable techniques for data-centric security and privacy problems
Lead to crystallization of best practices for security and privacy in big data
Help industry and government on adoption of best practices
Establish liaisons with other organizations in order to coordinate the development of big data security and privacy standards
Accelerate the adoption of novel research aimed to address security and privacy issues
Everyday Use
Target assigns every customer a Guest ID number, tied to their credit card, name, or email address that becomes a bucket that stores a history of everything they’ve bought and any demographic information Target has collected from them or bought from other sources.
Two Laws
Kryder’s Law
By 2020, 2.5” drive with 14TB storage will cost $40
Disk Storage has kept pace with Moore’s Law
Moore’s Law
Most people consider it to mean that computing power will double every two years
Two Laws (continued)
Practical Impact
It is now cheaper to keep data than to delete it
Increase in processing power allows us to analyze stored data in ways not done before
You can use cloud computing to get (cheap) access to storage and processing power
Government Data
US, UK and other governments are publishing taxpayer-funded data
Intended for use by researchers, application developers and others
No barrier to corporate use
Use of Public Data
More Public Data
Example Dataset (US)
Use of Public Data
Immensely useful to sociologists and anthropologists today and in future
Assuming data format can be understood
Other researchers are finding use for datasets published by government
Especially about government business transactions and interactions with citizens
Private Data Sources
Many companies sell data
Risks are often underplayed (or misunderstood)
Steps are taken to anonymize or pseudonymize identities with varying levels of success
Private Data Example
Potential issue
Combining datasets
87% of Americans can be identified with three pieces of information: ZIP, DOB and sex
Government Interest
American Diabetes Association released figures this year
Direct cost of diabetes in US was $245B in 2012
41% increase in five years from 2007 ($174B)
Roughly 20% of healthcare spending
Indirect cost of diabetes in economy was $68.6B
What if Big Data could cut these costs?
Privacy Protections
Anonymization and pseudonymization strategies need to be closely examined
Identification may be possible when datasets are combined
Consent to release private data should be obtained first
Problem is that consent is often implied in contract
Preventing colocation of data will not prevent worst case scenarios
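A pre-release check for the points on the "Combining datasets" and "Privacy Protections" slides, as an added example that is not part of the original deck: it measures how many records in a name-stripped dataset are still unique on ZIP, date of birth and sex, and how much coarsening those fields helps. The records, field names and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample of a "de-identified" release: names removed, but
# ZIP, date of birth and sex kept next to the sensitive attribute.
RELEASE = [
    {"zip": "85701", "dob": "1961-03-14", "sex": "F", "dx": "diabetes"},
    {"zip": "85701", "dob": "1961-03-14", "sex": "F", "dx": "asthma"},
    {"zip": "85701", "dob": "1961-09-02", "sex": "F", "dx": "diabetes"},
    {"zip": "85705", "dob": "1961-11-30", "sex": "F", "dx": "none"},
    {"zip": "85719", "dob": "1984-07-21", "sex": "M", "dx": "none"},
    {"zip": "85716", "dob": "1984-01-05", "sex": "M", "dx": "diabetes"},
    {"zip": "85712", "dob": "1984-12-19", "sex": "M", "dx": "asthma"},
    {"zip": "85745", "dob": "1975-05-09", "sex": "M", "dx": "none"},
]

def exact(r):
    """Quasi-identifier as released: 5-digit ZIP, full DOB, sex."""
    return (r["zip"], r["dob"], r["sex"])

def generalized(r):
    """Coarsened quasi-identifier: 3-digit ZIP prefix, birth year, sex."""
    return (r["zip"][:3], r["dob"][:4], r["sex"])

def audit(records, key):
    """Return (k, unique_fraction, at_risk) for a quasi-identifier function.

    k is the size of the smallest equivalence class (k-anonymity);
    at_risk lists the indices of records whose class has size 1, i.e. the
    rows another dataset carrying the same fields could single out.
    """
    classes = Counter(key(r) for r in records)
    at_risk = [i for i, r in enumerate(records) if classes[key(r)] == 1]
    return min(classes.values()), len(at_risk) / len(records), at_risk

if __name__ == "__main__":
    for name, key in (("exact", exact), ("generalized", generalized)):
        k, frac, at_risk = audit(RELEASE, key)
        print(f"{name:12} k={k} unique={frac:.0%} at-risk rows={at_risk}")
```

Generalizing the fields shrinks the unique share but still leaves one singleton row, which has to be suppressed or coarsened further before the release reaches k greater than 1.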
Biggest Issue
Causation versus correlation!
Developers and managers without research experience may jump to conclusions
Thank You
John Howie
Big Data Research available at:
www.cloudsecurityalliance.org
Copyright © 2013 Cloud Security Alliance