• United States




Big data: too valuable and too challenging to be overlooked

Jan 08, 20194 mins
Big DataData and Information SecurityTechnology Industry

The positive potential of big data is enormous, spanning virtually all industries and impacting both the public and private sectors. However, we must also be mindful of safeguarding big data as much as collecting and utilizing it.

As the new year begins and business leaders refine their 2019 plans, how to effectively deploy technology increasingly will be a focal point of conversations in the boardroom and elsewhere throughout the enterprise. While trending technologies such as artificial intelligence, blockchain and 5G wireless networks command much of the mindshare in the new year, one technology that might no longer be deemed buzzworthy should nonetheless be a major consideration in 2019 for the C-suite and security teams alike – how to derive value while mitigating risk from big data. 

The term “big data” has been in circulation for many years, but big data continues to evolve in scope and capability, especially with AI, augmented analytics and other emerging technologies enabling data to be harnessed in more sophisticated fashion. ISACA’s 2018 Digital Transformation Barometer shows that big data remains the technology most capable of delivering organizations transformative value, and it is easy to see why. The positive potential of big data is enormous, spanning virtually all industries and impacting both the public and private sectors. Of critical importance, organizations can tap into big data sets to better understand their customers and configure predictive models that allow them to be more strategic and proactive in their business planning. 

While the benefits for private-sector enterprises are immense, there is perhaps even more upside for society, generally. For example, big data can be used to accelerate the progress made in scientific research, improve patient outcomes in healthcare by revealing more nuanced treatment patterns and aid in the modernization of urban centers by allowing cities to more effectively govern traffic flow and the deployment of city resources. In the context of these and other high-impact innovations that are in progress, the Internal Data Corporation (IDC) made the whopping projection that worldwide revenues for big data and business analytics will reach $260 billion by 2022. 

Big data has distinct security concerns

Despite the considerable enthusiasm for big data-driven projects and use cases, big data also presents a range of evolving challenges from a security and privacy standpoint. All emerging technologies introduce new threats, and the same holds true for big data. While many of the fundamentals of network security apply to big data, there are some distinct considerations when it comes to securing big data. Enterprises often turn to NoSQL databases, which allow for more scalability than conventional, relational databases, to store big data, introducing new cost and security challenges.

Additionally, traditional controls such as encryption may introduce bottlenecks due to the size of the data, meaning practitioners need to become more creative in protecting big data. Data anonymization, which allows organizations to protect the privacy of individuals within a data set, is typically an effective approach, and can be especially useful when enterprises are working with third-party vendors. Further, security frameworks, particularly those that align with pertinent standards and regulations, can be utilized during big data implementation projects in order to incorporate all appropriate controls by design. These frameworks also help organizations avoid taking shortcuts in their data governance that could open the door to a large-scale breach or, on a less dramatic but still significant note, identify inefficient practices that do little to help organizations extract value from their data. 

Whatever approaches are taken, enterprise leaders need to be every bit as committed to safeguarding big data as they are to the data’s collection and utilization. Without a doubt, big data presents an attractive target to attackers since big data is highly valued – after all, the bigger the data, the bigger the breach. Several attack types exist, potentially impacting both the confidentiality and the integrity of the data, meaning security practitioners must possess an overarching understanding of the threats that could impact the data. This challenge becomes all the more difficult considering the wide variety of sources and data types that encompass big data.

Although the security risks that that accompany big data can be daunting, addressing these concerns head-on is the only viable option, as big data becomes an increasingly valuable asset for enterprises to harness. Not only does the proliferation of data in the digital transformation era create new security risks, but the complexity of storing and managing the data can contribute to lower employee morale and higher turnover among IT professionals, according to a Vanson Bourne study. All of these factors call upon organizations to develop a cohesive, holistic strategy for big data, with extensive collaboration between the C-suite and enterprise security leaders. We have seen the hype around many emerging technologies ebb and flow in recent years, but the need to effectively handle big data has become a fixture on the enterprise landscape that will require ongoing attention and investment in the new year, and beyond.


Experienced leader and board member, international authority in cybersecurity, with a proven track record in developing and managing strategy, programs and initiatives. Innovative thinker, with several international patents to his name, proven successful communicator and consensus builder across borders and cultures.

Chris is Director and Past Chair of the Board of ISACA, an international non-for-profit association with more than 200 Chapters, serving more than 160,000 IT, Cybersecurity, Information Security, Audit, Risk and Compliance professionals, in 180 countries. He has served ISACA as Chair of the Board for 2 consecutive terms (2015-2016 and 2016-2017) and as director of the BoD for 9 terms (2010-2014 and 2015-present).

Chris is also a Board Member at INTRALOT a leading gaming solutions supplier and operator active in 42 regulated jurisdictions around the world. Prior to his role he has served as Group CEO, Group Chief Services and Delivery Officer, Group Director of Technology Operations and Group Director of Information Security.

He has also served as a member of the Permanent Stakeholders Group (PSG) of the European Network and Information Security Agency (ENISA) from 2012 to 2015. Chris has been working in the area of information technology for 20 years, he holds 3 patents, 6 awards and has authored more than 150 publications.

He holds a degree in Electrical and Computer Engineering and a Ph.D. in Information Security.