….Why Big Data and ‘Context’ is Critical for Security and Privacy..
How do you know that the fertilizer that is being purchased is for nourishing the land for our food supply, growing our grass, tending to our fields, or is being used to make a bomb?
You don’t – unless you have context….
What is context?
Context is…. (This is a real example), I am on a remote island right now for the holiday logged into Microsoft Onedrive and Linkedin…..(why I am logged into these while on vacation is another story).
Both vendors, Microsoft and Linkedin, would not let me log into their services until they could validate what they thought was odd behavior from me. The odd behavior was me using an IP from my regular location based in the continental US. Make sense? …pretty straight forward.
This is context. Well in the case of Linkedin multiple the algorithm needed to do this 300 million times + and growing which is their user community.
From a macro perspective moving forward Big Data, context, and privacy is going to be important to track with the IoT (internet of things), personal data that is strewn across the universe of vendors that you do personal business with. this is not a hard concept to grasp. However what about your business? How do you deal with Big Data security issues in your business?
You as Governor in Your Business
Let’s telescope into your business. Big Data Security Analytics is a “Big” deal because your security teams need to have products in place that also look for clear ‘context’ violations as well. The castle (mote, drawbridge concept is crumbling fast) Here are some examples of where you can apply context awareness:
- Permissions elevation
- Authentication mistakes
- Inter-system communication
- Outbound communication
- Password management – internal users
- Password management – All IT Support staff
If you don’t take context seriously then you are making it easy for hackers! You can gain huge momentum by have these 6 pieces in place and watching them constantly with an outsourced vendor or your internal teams.
Bomb Making and Context and Privacy
Back to the macro perspective; I have just reviewed a practical everyday use of Big Data Security for your own businesses above, however the NSA and marketing organizations are already applying Big Data Security methods in reverse against you. These methods are being used to ‘watch’ and ‘track’ us. Unlike my above example however, they are doing this “without our permission” and they are doing it “without context”. In my opinion, being watched using context is good if you can and do discriminate….
What do I mean by context exactly?
“In order to become information of value, data must be placed in the appropriate context……. For example, if the feature detected was purchasing fertilizer capable of bomb-making, then the agent would seek to determine the occupation of the individual – student, farmer, banker – to aid in producing a conditional probability table for the likelihood of that activity being related to terrorism, on the basis of a probabilistic graphical model (PGM).”
My concern is that identity needs to be user centered. I think that we should be able to carry a virtual wallet that others must request certain aspects of our identity that they want to track. In the case of marketing organizations this must be user permission based. In the case of government this will be harder for national security reasons, but context still is king and we need assurance that the government must go through appropriate legal authorities to break context contraints. Quote
“….keeping a context to that data remains critical, particularly for certain lines of inquiry. Context is hard to interpret at scale and even harder to maintain when data are reduced to fit into a model. Managing context in light of Big Data will be an ongoing challenge.”
The question that naturally follows is, does the ability to collate information in this discreet, context oriented, and individual manner exist?
The authors below propound that it can be done and that civil liberties must always be protected. “As citizens we should be aware of the “creep” of surveillance technologies which are moving into more and more devices. We are led to believe that in order to live in a safe society there is a trade off on our civil liberties and we must give up our privacy, and that the two interests cannot co-exist. It is great to know that software exists that would “blind” the user to the private information unnecessary to the investigation at hand.” Read more here.
As IT leaders we have an advantage moving forward because we have knowledge that the general population does not have to help our businesses make wise security decisions. We can’t abdigate our responsibilities on a Macro level to the federal government or ‘ethically challenged’ marketing organizations, however we can start right where we are within our own businesses fighting the good fight, learning, educating and being aware of the important issues needed to win in this quickly evolving IT Security landscape.