Cybersecurity: The big data challenge

The leap year is not until 2016, but Polly Pickering, who oversees the Caribbean and Latin America regions for Internet services company Foreshore, has to think that far ahead. 

“You only need to look at the headlines from the past year to see the importance of information technology governance, risk management and the complexities of compliance businesses face in the New Year,” Pickering says, describing the blooming of the problem in terms of “zettabytes,” a stunning number equivalent to one sextillion bytes. 

In fact, California-based Cisco Systems, which designs, manufactures and sells networking equipment, reported in its Visual Networking Index in June that it expected global Internet traffic to reach 1.3 zettabytes by 2016, the equivalent of 38 million DVDs per hour. 

“There is a lot of data to take care of today, but there will be even more tomorrow,” Pickering says. 

The modern term is “big data,” and Pickering says it is getting bigger. Cisco predicted 3.4 billion Internet users, about 45 percent of the world’s population, by 2016, while the proliferation of tablets and smartphones would boost network connections to nearly 19 billion, approximately 2.5 connections for each person on earth. 

Looking back at IT challenges in 2014, and forward to 2015, she says the four top issues are massive data growth; ongoing security and privacy concerns; off-site cloud storage; and mounting regulations. 

Pickering recently met Neil Murray, chief technical officer of email-security company Mimecast. They discussed the almost 30 petabytes of email the company holds. 

“Having petabytes of global data gives us a lot to think about in regards to how people can interact with their information,” Murray told her. “And while email tools and apps assist users, it is how data is accessed from archives that really makes the difference.”

Mimecast has more than 400 customers in the Caribbean and offshore markets hosted at Foreshore in the U.K.’s Channel Islands, Jersey specifically. Globally, Mimecast boasts more than 1,500 corporate customers and 3 million users. 

The sheer velocity and volume of data generated every second across all industries has companies looking for the best way to manage, store, retrieve and dispose of business information.  

This includes, of course, data security and privacy. Such major retailers as Target, Sony, Walmart, Staples and Home Depot have been victims of serious security breaches, highlighting the critical need for information defenses and re-fortification of security measures. 

The Christmas 2013 hack of Target Corp.’s data by credit/debit card thieves, for example, affected 110 million customers – including thousands of Cayman residents.  

At the same time, financial institutions are under no obligation to tell clients when their accounts have been hacked.  

One Cayman resident learned the Target hackers had compromised her account only when her credit card was rejected for a routine purchase. The bank confessed it had cancelled the card after the intrusion. 

In July last year, the Financial Crimes Unit probed more than one dozen cases in which international hackers used stolen Gmail and accounts to penetrate local banks, stealing as much as $150,000 each time.

“The chances of catching anyone are fairly slim,” Anhill Carsana, Financial Crimes Unit computer forensic expert, said at the time. 

Pickering recalled the summer 2014 “phishing” attack on Cayman Airways. Hackers “spoofed” CAL, stealing personal details when people clicked on a URL advertisement for a flight sale. 

“Cayman certainly had its share of hacker assaults,” she says, not to mention regulatory probes for information in 2014. “Both can be intimidating.” 

Rules regarding privacy and compliance complicate data management, storage and access policies. As data volumes grow, so do regulatory mandates, including, for example, disclosure demands by Washington, at one time under the U.S. Patriot Act – an elaborate acronym for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism – and more recently under the Internal Revenue Service’s Foreign Account Tax Compliance Act. 

Keeping an eye on the way we compute – from smartphones to corporate data centers – is paramount. Cloud technologies are creating “the Internet of everything.”  

Pickering wonders whether companies are making wise decisions, ensuring their security is a top priority around data centers, mobile endpoints, storage locations and security access.  

“Privacy is not a dirty word,” she says. Transparency is the key; no one argues with impeding money laundering and terrorist financing. “Due diligence” and “know your client” regulations are essential, but “there are borderlines that need reverence. The ‘bad guys’ are getting craftier and more insidious, while the ‘good guys’ fight back with greater levels and additional layers of e-protection.”  

Another concern in the “Internet of everything” is an invasion of company networks by something called Bring Your Own Device, a reference to mobile phones, tablets and remote PCs. 

A virus may gain a foothold in an external device – through an instant-messaging app, social media exchanges, downloads from a range of devices, all working on corporate WiFi or a local area network. When connected to a company system, the device can transfer the contagion: “A viral-loaded payload is on your phone, and now it’s in your network,” Pickering says. 

“It’s easy for companies to get confused about what to allow and what to keep out,” she says. “One option when addressing this challenge is combining data flows.” 

A “unified email platform” will filter damaged mail or corrupt URLs with targeted threat protection (TTP) before the problem even arrives at the company network. This type of TTP complements a cloud-based hosted PBX or similar solution that sanitizes transmission.

Standardizing data flows with more control adds efficiency to network security, streamlining protection and even controlling costs.  

However, this can, in its turn, spark worries about accessibility: Who has basic control over information and management decisions? Who needs access to your data? “A challenge for companies in 2015 is judicious decisions about data access,” Pickering says, hoping the considerations move out of the IT department and into boardrooms where strategic plans are created. 

“The boardroom needs to participate more in the strategic process,” she says. “Decisions about information archiving and access levels should go beyond data life-cycle dialogue and move into access and collaboration discussions.” 

Moving data into the cloud is also on Pickering’s list of worries. She recommends a “hybrid approach,” in which a company combines an on-premise foothold with off-site continuity, relegating the heavy lifting to secure offshore cloud applications. 

She suggests using cloud “software as a service,” with applications to act as a secure gateway for email and long-time archiving. 

She also encourages a move away from top-heavy platforms like Microsoft SharePoint for document circulation. 

Secure cloud collaboration can ensure global document access for both internal users and external customers who need to share sensitive data. Pickering cites the 2014 launch of HighQ in the Channel Islands – with Foreshore – as an example of “software as a service” excellence, securing file sharing. Companies looking for collaboration tools need to ponder the mainstay direction to stay offshore. 

Pickering advises companies to ask what kind of access a cloud service provider offers. How does it encrypt data? Is continuity included?  

Microsoft’s Office 365 suffered brief down-time in 2014; it had no continuity. While Office 365 and such retail services as Dropbox are acceptable for some onshore businesses, offshore companies usually require stricter security. 

The top threat for 2015 may be regulatory demands. A November AIM Research Lab survey of 106 financial institutions in 24 countries concluded that specified regulations (43 percent) and accessing budgets (35 percent) were the top two headaches in regard to data management.

Inevitably, the conclusion is that regulatory compliance captures a lot of attention and resources, but competes with data-management initiatives. 

The new year will bring massive increases in quantities of information, adding to the compliance burden – and the challenges of protecting it. When consumers seek greater ownership of their own data, organizations struggle to address those requirements and can end up with more fragmented systems. 

“The regulatory interventions will continue as will the global external threats,” says Pickering. “Sometimes the good guys find themselves fighting a rearguard action relating to cybersecurity and sometimes it is just the burden of regulatory information.” 

Either way, multiple requests can be overwhelming, but the need to both safeguard information and to access it quickly is ongoing, and the 2015 mood of the boardroom in regard to information technology is cautious, alert and intensely aware of the challenges. 

Pickering says executives who put information rights and data-management at the top of their agenda, who explore new IT approaches and who take seriously the complexities of data growth and operational burdens are likely to stay ahead of the curve in the new year.