Enterprise Security and the Machine Data Tsunami

The changing landscape of security data in an age of decentralized computing

by Joan Pepin, VP of Security and CISO, Sumo Logic



As the proliferation of devices and hardware continues, machine data volumes are now a
tsunami. A few years ago, the cost of maintaining PCI (Payment Card Industry) compliance was
put at around $200,000. As the quantities of data to be monitored as part of maintaining
this and other compliance standards grow, enterprises not only face fines for letting
compliance lapse; the real risk of a malicious threat is also rising in this era of the “mega-breach.”
Recently Ponemon Institute pegged the average cost to a company as a result of a security
breach at $3.5 million. The estimated annual cost of cybercrime as reported by the Center for
Strategic and International Studies has hit over $400 billion. Put those two numbers together
and that equates to a lot of high-priced security breaches. Let’s try to add some context around
this problem.

The source of machine data is much more complex than it was 10 years ago. BYOD, cloud
computing, and de-centralized IT infrastructures are increasing the sources and quantity of
devices and data traversing the network. But with more devices accessing the network, the
storage and analysis of this Big Data is growing even more critical for enterprises to understand
and evaluate their security posture. Cisco predicts that Internet of Things-related devices will
balloon to between 15 and 25 billion by 2015. More devices equals more machine data. And the
effect is non-linear. More devices, running more applications, each interacting with more
services (cloud storage, cloud authentication, and cloud-based exception tracking are often all
used by a single application) equals an exponential increase in interfaces. Industry analyst firm
IDC quantifies what we can expect: the volume of machine data will grow 15 times by 2020. For
an enterprise looking for the needle in the haystack – the alert or warning that a malicious threat
might be in play – this is a significant obstacle as neither IT budgets nor staffing will match this
rate of growth.


Consider how an enterprise that shifted from on-premise to cloud-based services and software
might view its compliance landscape. When most, if not all, software and systems resided
on-premise, the IT organization could specifically monitor the performance of its onsite
infrastructure – hardware, software, networks and storage. Once some of this storage and
compute capacity is transitioned to the cloud, an organization must negotiate SLAs (service
level agreements) with the cloud provider to ensure data is available when it’s needed and all
security protocols promised to their customers remain in place. Multiply that process across
dozens of software and solution providers that also leverage the cloud, and you can see how
the picture gets complicated quickly.

As the quantity and severity of security breaches continue, maintaining compliance is a key first
step in ensuring that customer and business-critical data is properly managed. As lives become
increasingly digitized – though it’s difficult to imagine them more than they are now – the stakes

Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
