Leveraging Big Data and Cloud for Better Security
By Bob Violino | Posted 2014-01-30
Organizations are exploring a variety of technologies and techniques to bolster their security, including big data analytics and cloud-based security services.
Evaluating Cyber-Threat Detection
Also exploring big data for security is Health Care Service Corp. (HCSC), which operates Blue Cross and Blue Shield of Illinois, Montana, New Mexico, Oklahoma and Texas. The company is in the midst of a research-and-development project focused on evaluating big data and advanced data visualization technologies for potential applications to cyber-threat detection.
"Our team has done an extensive amount of research in this area over the last four years," says Tom Baltis, executive director, IT Governance, Security and Risk Management at HCSC. The company expects to launch a big data/visualization security initiative within two months, and, by the end of this year, it hopes to have a fully functional solution in place throughout the enterprise.
"We already have a very sophisticated set of capabilities for analyzing security events and detecting cyber-security incidents, but we're looking to innovate in this space by applying big data technologies," Baltis reports.
By applying business intelligence (BI) and data visualization tools to the various types of data the company gathers, HCSC hopes to detect types of incidents that traditional security tools cannot find, or are not even aware of. Its priority is to enhance real-time or near-real-time incident detection.
HCSC also aims to detect security incidents based on data that it has accumulated over the past weeks and months, by applying data analysis tools. By analyzing this data and translating that analysis into automated rules, the company hopes to be able to more quickly detect similar incidents when they occur, and even to predict future security threats and prevent them from causing damage.
"We're always looking for more effective ways of identifying security incidents—trying to become better at what we do and discover things we don't see with traditional tools," Baltis explains.
As far as which technology products HCSC will use for its big data/visualization effort, the company is "casting a broad net," Baltis says, exploring a variety of commercial and open-source BI reporting and processing products and services.
"In the end, our solution will most likely comprise a number of tools, and it might involve some custom-built tools," Baltis says. He says the company aggregates extensive amounts of data, and that data will be continually reviewed and analyzed to detect patterns that may indicate a cyber-security incident.
Turning to Cloud-Based Security
Companies are also investing in cloud-based security services to thwart attacks.
In January 2014, Northrop Grumman, a global aerospace and defense technology company, began using CA CloudMinder, a software-as-a-service (SaaS) offering from CA Technologies that provides user provisioning, self-service user management and an access request system; risk-based authentication; and federated single sign-on for both cloud-based and on-premise applications.
"With identity federation and single sign-on, users can enter a single password to access any application—whether on the customer's government or company-owned cloud or on Northrop Grumman's cloud infrastructure," says Zaki Saleh, business development director, Health IT, at Northrop Grumman.
The company's federal and state health and human services customers "are faced with increased demand from their constituents to access government services online," Saleh explains. "As demands increase, our customers are looking for identity and access management [IAM] solutions to allow constituents to access services through multifactor authentication."
Once a constituent is authenticated, there are subsequent needs for managing access and authorization for specific services or applications, Saleh adds. CA CloudMinder, which can be deployed either on-premise or on a private or public cloud, will help address those needs, he says.
These and other emerging technologies are helping organizations around the world deal with growing and ever-more-virulent security risks.