Big data is literally everywhere. It’s in the cloud and under the cloud, at rest and on the move, and growing at a mind-boggling rate.
IBM, a leader in big data analytics, has estimated that organizations create 2.5 quintillion bytes of data each day — and that 90 percent of the data in the world has been created in the last two years alone.
Susan Hauser, VP of Microsoft’s Enterprise and Partner Group, said, “The world now holds twice as many bytes of data as there are liters of water in all its oceans.”
Big data originates from multiple sources: such as sensors used to gather climate information, posts to social media sites, digital pictures and videos, purchase transaction records, and cell phone GPS signals, to name just a few.
Thanks to cloud computing, petabytes of unstructured data are created daily online and much of this information has an intrinsic business value if it can be captured and analyzed.
However, there are elephant-sized negatives to big data, chiefly security and data authenticity concerns. The biggest concern is that because so much of big data is created externally it is more vulnerable to theft and tampering than if it were created inside the corporate firewall.
Consequently, the ability to validate the authenticity of externally created big data grows exponentially because more and more business decisions are based on the analysis of external data.
Big data security issues in the workplace
While many organizations have well-defined IT security policies, those policies mostly revolve around trust and procedure, both of which can break down and fail.
A major complicating factor is that nearly all physical forms of documentations and transactions have digitized versions—which means organizations must validate duplicate sets of data and be able to respond quickly to any invalid data set.
At the same time, cybercrime has emerged as a very profitable business for criminals—underlining the growing need to validate and verify all kinds of data.
Another area of concern is the increasing dominance of mobile communications within most organizations. This mobile dimension opens up another deep fissure of insecurity, as the myriad types of mobile devices and mobile networks can create new avenues for malicious practices.
The need for a completely trustworthy technology
A solution needs to ensure that the data is indeed what it portrays itself to be, meaning that no third-party has purposefully or accidentally changed what has been agreed upon and documented.
Ideally, a solution should have built-in data authenticity. In the financial world, this level of authenticity is essential as data needs to be authenticated and tamper-proof. For organizations that host the data of others, data authenticity becomes a critical core competency of their business.
In some specific cases where services are being used for sharing documents associated with significant transactions (M&A for instance), the consequences of information tampering can be dire.
The issue of data authenticity presents tremendous headaches for all types of organizations that wish to adopt a cloud computing model.
When data is hosted onsite, the process of data authenticity can certainly be a major challenge. However, when data is not hosted within the traditional internal IT datacenter, organizations face intense pressure to ensure that data authenticity is rock-solid.
Explaining keyless signatures
A keyless signature provides an alternative method to key-based technologies, and delivers proof and non-repudiation of electronic data using only hash functions for verification. By using hash functions, the technology can prove the time, authenticity, and origin (machine, organization, individual) of the input data.
In addition, keyless signature technology provides mass-scale, non-expiring data validation while eliminating the need for secrets or other forms of trust. Thus, it eliminates the need for complex certificate-based solutions which carry certificate management issues, including expiration and revocation.
Any client using the keyless signature service can make a request to sign any data item it has access to, be it a log file, XML file, office document, database record, SWIFT transaction, FPML message, eDiscovery product, and so on. In return, the client will receive a keyless signature which can be stored alongside the signed data, within the signed data, or in a repository separate from the signed data for backup and archival purposes.
This technology helps organizations to validate, verify and self-authenticate their big data. The keyless nature of the technology reduces the security and administrative footprint because it removes the need for cipher keys and passwords, which can be lost or mislaid.
For data authentication to be aligned squarely with data authenticity, taking signatures keyless is crucial in our brave new big data world.