Keeping Operations Afloat
Talking about a sea of storage in terms of exabytes
- By Brian McIlravey
- Nov 03, 2014
The amount of data we generate on a daily
basis is astounding, and it’s only growing
larger with each passing day. Consider this:
All data generated from the beginning of
time to 2003 totaled around two exabytes,
according to an International Journal of
Communication study. In 2013, the total was five exabytes
per day.
In the last decade, talk about data storage has been in terms
of megabytes (1,000 kilobytes) to gigabytes (1,000 megabytes)
to terabytes (1,000 gigabytes) to petabytes (1,000 terabytes) to
exabytes (1,000 petabytes). As data storage needs continue to
spiral upward, we’ll soon be talking about zettabytes, yottabytes,
brontobytes and geopbytes, each of which is 1,000 times larger
than its predecessor.
So, just where is all this data coming from?
Big data comes from every device that has an IP address—
originally, those were primarily computers, smartphones, tablets
and other Internet-connected devices. Now, we can add smart refrigerators
that send an alert when you’re running low on milk,
cars that text to say the coolant level is low, and other devices
equipped with integrated sensors that allow them to communicate
via GPS, RFID, Wi-Fi and other protocols.
Networked security systems fall into this expanding information
network known as “the Internet of Things” or IoT. This
growing network is impacting the way security systems operate,
creating opportunities for new business models, improving business
processes, and reducing costs and risks.
The Traditional Versus the Present
Traditional, old-style integrations feature one-to-one connections
between systems for data exchange, with data most often able to
flow in just one direction at a time. Today’s systems, however, allow data to move in a stream of simultaneous,
complex conversations as devices
talk and listen to each other. Acting independently,
they listen for specific events to
occur, and then, the system takes action
based on the information received. Rather
than a simple pipe between systems, these
new-style interactions are distributed with
information and data flowing in several
directions between multiple systems, all at
the same time.
Under this new paradigm, an ID card
swipe can be much more than a means of
opening a door. If the access control system
is part of an integrated, interconnected
building system, there are a number of
events that simple card swipes could trigger.
For example, a video analytics system
may be used to determine if the person
at the door is the cardholder or if anyone
else enters the building on that single card
swipe. Meanwhile, an intelligent building
control system can send an elevator
to the entry floor and turn on lights and
HVAC systems in the area of the building
appropriate to that individual’s identity.
The access control system could notify the
IT department to expect the cardholder
to log in to the system shortly or send an
alert if they do not.
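
The correlation described above, sketched as an added example that is not from the original article or any vendor's product: each card swipe is checked against what the video analytics and IT systems report afterward. Event fields, card and door names, and the time windows are assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names and values are assumptions, not a real product's schema.
EVENTS = [
    {"ts": "2014-11-03T08:00:00", "type": "badge_swipe", "card": "C100", "door": "lobby"},
    {"ts": "2014-11-03T08:00:02", "type": "video_count", "door": "lobby", "entered": 1},
    {"ts": "2014-11-03T08:04:10", "type": "login", "card": "C100"},
    {"ts": "2014-11-03T08:10:00", "type": "badge_swipe", "card": "C200", "door": "lobby"},
    {"ts": "2014-11-03T08:10:03", "type": "video_count", "door": "lobby", "entered": 2},
    {"ts": "2014-11-03T09:00:00", "type": "badge_swipe", "card": "C300", "door": "dock"},
    {"ts": "2014-11-03T09:00:01", "type": "video_count", "door": "dock", "entered": 1},
    {"ts": "2014-11-03T09:40:00", "type": "login", "card": "C300"},
]

def correlate(events, login_window=timedelta(minutes=15),
              video_window=timedelta(seconds=10)):
    """Return sorted (card, alert) pairs for swipes that other systems contradict."""
    parsed = sorted(({**e, "ts": datetime.fromisoformat(e["ts"])} for e in events),
                    key=lambda e: e["ts"])
    alerts = []
    for swipe in (e for e in parsed if e["type"] == "badge_swipe"):
        t0 = swipe["ts"]
        # Video analytics: more than one person entered on a single swipe.
        for v in parsed:
            if (v["type"] == "video_count" and v["door"] == swipe["door"]
                    and t0 <= v["ts"] <= t0 + video_window and v["entered"] > 1):
                alerts.append((swipe["card"], "tailgating"))
                break
        # IT: the cardholder was expected to log in shortly after entering.
        logged_in = any(e["type"] == "login" and e["card"] == swipe["card"]
                        and t0 <= e["ts"] <= t0 + login_window for e in parsed)
        if not logged_in:
            alerts.append((swipe["card"], "no_login"))
    return sorted(alerts)

if __name__ == "__main__":
    for card, alert in correlate(EVENTS):
        print(card, alert)
```
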
These are just some of the possible
activities that could come from a single
ID card swipe. The data generated by the
swipe could be stored in a centralized location
or within each of the separate systems—
or even both.
Opportunities in Big Data
Nearly all systems, including security, are
connected to the Internet, and are generating
large amounts of data. The information
an organization could gather from
this extensive amount of data is tremendous.
So, when talking about data being
big, we’re not just talking about its size,
but also the opportunities it presents.
Using the extensive data gathered
from every transaction or event, organizations
can gain insights that, with the
right analysis, can make their operations
more agile and answer questions previously
considered beyond their reach—or
even conjure up questions no one had
ever thought to ask. This could lead to
new business models, improved business
processes, and reduced costs and risks.
These massive amounts of data have
several important implications for security.
When properly sorted, searched and executed,
data becomes intelligence. This intelligence
becomes incredibly useful, whether
it’s used for business, law enforcement or
another entity, and must be protected by
both logical and physical means. Because
of this, interaction, cooperation and collaboration
between security and IT is promoted
to manage data, including where it
will be stored, how it will be accessed, who
can access what data, and from where.
Data is the root of all decisions, whether
for security or for organizations as a
whole. So, it would stand to reason that
the more data an organization collects, the
more informed leadership or management
will be; and by extension, the better their
decisions will be. Unfortunately, this is not
always the case.
Security Organizations in Relation to Big Data
Many security operations don’t act the
way they should in relation to big data.
Five to 10 years ago, security groups and
protection of systems relied on data to
develop processes, functions and policies
to strengthen security. However, at that
time, there was nowhere near the amount
of data to collect and analyze as there
is today. In big data terms, the data security
groups handle, like data in general, is now classified
as high-volume, high-variety and
high-velocity, meaning lots of data
from a variety of sources, occurring constantly.
For security purposes, we still rely
on that data, but the problem is that it’s
often just too much to handle properly.
For many organizations, simply organizing
the vast quantity of security- and
incident-related data, let alone analyzing
it and using it to make smart decisions,
poses a tremendous challenge. Many lack
a comprehensive approach to making
sense of all this data, and as a result end
up missing potential opportunities and
benefits that it presents.
The main problem is that a lot of systems
today weren’t designed to handle the
large amounts of data being generated.
These old-school solutions aren’t capable
of collecting and analyzing this data fast
enough to be of use to security organizations.
After an incident occurs, this lack
of functionality is often communicated as,
“We didn’t have the data to know that might
happen.” The data was there; there was just
no way to extract and analyze it to uncover
trends and identify potential threats and
risks that could have been addressed to prevent
the incident from occurring.
So, how can security organizations
gather and make sense of data that’s collected
in a way that’s going to be useful for
eliminating or mitigating potential threats
and risks?
Incident Management Comes into Play
At its core, incident management is about
capturing, managing and analyzing data
to make informed decisions—regardless
of the amount of data that’s been collected.
The incident, investigation and case
management space has become the central
repository for important data as it relates
to planning counter-measures, and making
intelligent decisions regarding security
and risk management.
Currently, there is an unprecedented
level of enterprise data capture, analytics
and trending tools used in security for
massive datasets. A robust incident management
system turns the challenge of
big data—generated by video feeds, alerts
and notifications, triggers, sensors, alarm
data—into a major asset for security operations
and the entire organization.
Integrated incident management solutions
collect, analyze and report on security
and enterprise data, enabling organizations
to quickly and easily perform a
number of important functions related to
incidents including planning, preparation,
identification, response, management,
documentation, collaboration, investigation,
analysis and reporting.
The right tools automate the massive
tasks of data collection and integration
for security operations. The end result
is a higher level of preparedness at both
the security and organizational levels that
enables intelligent and informed decision
making, in addition to mitigating or eliminating
risks and threats.
This article originally appeared in the November 2014 issue of Security Today.