Keeping Operations Afloat

Talking about a sea of storage in terms of exabytes

The amount of data we generate on a daily basis is astounding, and it’s only growing larger with each passing day. Consider this: All data generated from the beginning of time to 2003 totaled around two exabytes, according to an International Journal of Communication study. In 2013, the total was five exabytes, per day.

In the last decade, talk about data storage has been in terms of megabytes (1,000 kilobytes) to gigabytes (1,000 megabytes) to terabytes (1,000 gigabytes) to petabytes (1,000 terabytes) to exabytes (1,000 petabytes). As data storage needs continue to spiral upward, we’ll soon be talking about zettabytes, yottabytes, brontobytes and geopbytes, each of which is 1,000 times larger than its predecessor.

So, just where is all this data coming from?

Big data comes from every device that has an IP address— originally, those were primarily computers, smartphones, tablets and other Internet-connected devices. Now, we can add smart refrigerators that send an alert when you’re running low on milk, cars that text to say the coolant level is low, and other devices equipped with integrated sensors that allow them to communicate via GPS, RFID, Wi-Fi and other protocols.

Networked security systems fall into this expanding information network known as “the Internet of Things” or IoT. This growing network is impacting the way security systems operate, creating opportunities for new business models, improving business processes, and reducing costs and risks.

The Traditional Versus the Present

Traditional, old-style integrations feature one-to-one connections between systems for data exchange, with data most often able to flow in just one direction at a time. Today’s systems, however, allow data to move in a stream of simultaneous, complex conversations as devices talk and listen to each other. Acting independently, they listen for specific events to occur, and then, the system takes action based on the information received. Rather than a simple pipe between systems, these new-style interactions are distributed with information and data flowing in several directions between multiple systems, all at the same time.

Under this new paradigm, an ID card swipe can be much more than a means of opening a door. If the access control system is part of an integrated, interconnected building system, there are a number of events that simple card swipes could trigger. For example, a video analytics system may be used to determine if the person at the door is the cardholder or if anyone else enters the building on that single card swipe. Meanwhile, an intelligent building control system can send an elevator to the entry floor and turn on lights and HVAC systems in the area of the building appropriate to that individual’s identity. The access control system could notify the IT department to expect the cardholder to log-in to the system shortly or send an alert if they do not.

These are just some of the possible activities that could come from a single ID card swipe. The data generated by the swipe could be stored in a centralized location or within each of the separate systems— or even both.

Opportunities in Big Data

Nearly all systems, including security, are connected to the Internet, and are generating large amounts of data. The information an organization could gather from this extensive amount of data is tremendous. So, when talking about data being big, we’re not just talking about its size, but also the opportunities it presents.

Using the extensive data gathered from every transaction or event, organizations can gain insights that, with the right analysis, can make their operations more agile and answer questions previously considered beyond their reach—or even conjure up questions no one had ever thought to ask. This could lead to new business models, improved business processes, and reduced costs and risks.

These massive amounts of data have several important implications for security. When properly sorted, searched and executed, data becomes intelligence. This intelligence becomes incredibly useful, whether it’s used for business, law enforcement or another entity, and must be protected by both logical and physical means. Because of this, interaction, cooperation and collaboration between security and IT is promoted to manage data, including where it will be stored, how it will be accessed, who can access what data, and from where.

Data is the root of all decisions, whether for security or for organizations as a whole. So, it would stand to reason that the more data an organization collects, the more informed leadership or management will be; and by extension, the better their decisions will be. Unfortunately, this is not always the case.

Security Organizations in Relation to Big Data

Many security operations don’t act the way they should in relation to big data. Five to 10 years ago, security groups and protection of systems relied on data to develop processes, functions and policies to strengthen security. However, at that time, there was nowhere near the amount of data to collect and analyze as there is today. In relation to big data, security groups, or data in general, are now classified as high-volume, high-variety and high-velocity data, meaning lots of data from a variety of sources, occurring constantly. For security purposes, we still rely on that data, but the problem is that it’s often just too much to handle properly.

For many organizations, simply organizing the vast quantity of security- and incident-related data, let alone analyzing it and using it to make smart decisions, poses a tremendous challenge. Many lack a comprehensive approach to making sense of all this data, and as a result end up missing potential opportunities and benefits that it presents.

The main problem is that a lot of systems today weren’t designed to handle the large amounts of data being generated. These old-school solutions aren’t capable of collecting and analyzing this data fast enough to be of use to security organizations. After an incident occurs, this lack of functionality is often communicated as, “We didn’t have the data to know that might happen.” The data was there; there was just no way to extract and analyze it to uncover trends and identify potential threats and risks that could have been addressed to prevent the incident from occurring.

So, how can security organizations gather and make sense of data that’s collected in a way that’s going to be useful for eliminating or mitigating potential threats and risks?

Incident Management Comes into Play

At its core, incident management is about capturing, managing and analyzing data to make informed decisions—regardless of the amount of data that’s been collected. The incident, investigation and case management space has become the central repository for important data as it relates to planning counter-measures, and making intelligent decisions regarding security and risk management.

Currently, there is an unprecedented level of enterprise data capture, analytics and trending tools used in security for massive datasets. A robust incident management system turns the challenge of big data—generated by video feeds, alerts and notifications, triggers, sensors, alarm data—into a major asset for security operations and the entire organization.

Integrated incident management solutions collect, analyze and report on security and enterprise data, enabling organizations to quickly and easily perform a number of important functions related to incidents including planning, preparation, identification, response, management, documentation, collaboration, investigation, analysis and reporting.

The right tools automate the massive tasks of data collection and integration for security operations. The end result is a higher level of preparedness at both the security and organizational levels that enables intelligent and informed decision making, in addition to mitigating or eliminating risks and threats.

This article originally appeared in the November 2014 issue of Security Today.

Featured

  • Enforcing Zero Trust in a Hybrid Work Environment

    Enforcing Zero Trust in a Hybrid Work Environment

    The effects of the pandemic have rippled across the business world like a meteor hitting a pond, creating a new plethora of challenges that incorporated into MBA curriculum for years to come. Read Now

  • First Responders Give NIST Their Communications Tech Wish Lists

    First Responders Give NIST Their Communications Tech Wish Lists

    Our first responders have spoken. An extensive research project conducted by experts at the National Institute of Standards and Technology (NIST) reveals what our country’s police, fire, emergency medical and 911 dispatch responders think about the communications technology they use on a regular basis and how they would like developers to improve it in the future. Read Now

  • Study Finds U.S. Enterprises Hit by Short-staffed Security Operations Centers

    Study Finds U.S. Enterprises Hit by Short-staffed Security Operations Centers

    ManageEngine, the enterprise IT management division of Zoho Corporation, recently announced results from its new study, Cloud Security Outlook 2023. The study found that enterprises have a limited number of analysts running their security operations centers (SOCs) and are deploying multiple tools in an attempt to address their cloud security challenges. Read Now

  • Report: More Than Half of Organizations Have Experienced an Insider Threat in the Past Year

    Report: More Than Half of Organizations Have Experienced an Insider Threat in the Past Year

    Gurucul, a provider of solutions in the Next Generation SIEM market, and Cybersecurity Insiders, a 600,000+ member online community for information security professionals, recently released its annual 2023 Insider Threat Report. Overall, results indicate insider threats are a top concern at organizations of all kinds; only 3% of respondents surveyed are not concerned with insider risk. Read Now

Featured Cybersecurity

New Products

  • PDK IO Access Control Software

    PDK.IO Access Control Software

    ProdataKey now allows for "custom fields" within the interface of its pdk.io software. Custom fields increase PDK's solutions' overall functionality by allowing administrators to include a wide range of pertinent data associated with each user. 3

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3

  • Tyco Kantech EntraPass security management software

    Tyco Kantech EntraPass security management software

    Johnson Controls, the global leader in smart, healthy and sustainable buildings, and architect of the Open Blue digital connected platforms, has released the newest version of the Tyco Kantech EntraPass security management software. 3