Chapter 13. Security

Making data accessible has been one of the key tenets of the Big Data movement, enabling huge strides in data analytics and bringing tangible benefits to business, academia, and the general public. At the same time, this data accessibility is held in tension with growing security and privacy demands. Internet scale systems are exposed to an ever-changing collection of attacks, with the data held by these systems being the most common target. We’re all aware of multiple high-profile breaches resulting in significant losses of data, including personal data, payment information, military intelligence, and corporate trade secrets. And these are just the breaches that have made the news.

One result of this heightened threat environment has been increased regulatory and compliance regimens in many industries:

• The U.S. Health Insurance Portability and Accountability Act (HIPAA) of 1996 prescribes controls for the protection and handling of individual health information.
• Germany’s Federal Data Protection Act (known as Bundesdatenschutzgesetz or BDSG) was revised in 2009 to regulate the collection and transfer of personally identifiable information (PII), including restrictions on movement of such data outside of Germany and the European Union.
• The Payment Card Industry Data Security Standard (PCI DSS), first released in 2006, is an industry-defined set of standards for the secure handling of payment card data.
• The U.S. Sarbanes-Oxley Act of 2002 regulates corporate ...