Data-Centric Security Needed to Protect Big Data Implementations: Results of the 2015 SANS Big Data Survey Released

Bethesda, Md. – Big data implementations are deployed across the organizations of 55% of the 206 respondents to take the 2015 SANS Survey on Security of Big Data Environments, while an additional 28% plan to develop such implementations in the next two years. They are using their big data analytics systems for business and competitive intelligence, consumer trending, science/diagnostics and other business purposes, according to the survey.

"Big data can have big benefits for business but it also presents a big target for cybercriminals," says John Pescatore, SANS director of emerging technologies and advisor on the survey. "Building security into and around big data storage and analytics systems will be key to avoiding expensive, large scale breaches of sensitive business and customer data."

For example, sensitive data relating to customers and corporate intelligence are commonly stored in big data applications, many of which are now migrating to the cloud. In the survey, sponsored by Cloudera, 73% of respondents identified personally identifiable information as being stored in big data applications; while 72% say they store corporate information and intelligence.

"Over the course of the next couple years, respondents appear to be focusing more on the data- or information-oriented security controls such as encryption and strong authentication so that the controls can travel with the data rather than just happening at the application layer," says Barbara Filkins, SANS Analyst and author of the survey results paper. "Those interests echo the need for comprehensive security controls that maintain the benefits of big data without compromising security."

Today, 54% of respondents are focused on integration with existing identity and access management infrastructure, 45% on implementation of role-based authorization controls (RBAC) and 27% on monitoring around data aggregation. Over the next twelve months, respondents indicated that their organizations will increase focus on implementing the information-oriented elements of a big data architecture.

"The survey shows that over the next year respondents will focus on data classification, access controlled by tagging and policy-aware infrastructure (ABAC)," Filkins continues. "Respondents say their organizations are also focusing on data de-identification and monitoring their session and service controls in support of use business analysis cases."

Full results will be shared during a Thursday, June 18 webcast at 1 PM EDT, sponsored by Cloudera, and hosted by SANS. Register to attend the webcast at

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and cybersecurity expert Barbara Filkins.


What You Need to Know about #BIGDATA on JUNE 18: ID Major Threats & Removing Security/Compliance Barriers

Free webcast/whitepaper June 18: Survey results on #BIGDATA usage/implementation/security. Reg: #infosec

Survey Results on 6/18: An update on how #bigdata is used, implemented & secured. Register: #infosec

Work with #BigData? Survey results on Securing Big Data Applications 6/18, 1 PM EDT. Register: #infosec

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (