Keeping Operations Afloat

Talking about a sea of storage in terms of exabytes

• By Brian McIlravey
• Nov 03, 2014

The amount of data we generate on a daily basis is astounding, and it’s only growing larger with each passing day. Consider this: All data generated from the beginning of time to 2003 totaled around two exabytes, according to an International Journal of Communication study. In 2013, the total was five exabytes, per day.

In the last decade, talk about data storage has been in terms of megabytes (1,000 kilobytes) to gigabytes (1,000 megabytes) to terabytes (1,000 gigabytes) to petabytes (1,000 terabytes) to exabytes (1,000 petabytes). As data storage needs continue to spiral upward, we’ll soon be talking about zettabytes, yottabytes, brontobytes and geopbytes, each of which is 1,000 times larger than its predecessor.

So, just where is all this data coming from?

Big data comes from every device that has an IP address— originally, those were primarily computers, smartphones, tablets and other Internet-connected devices. Now, we can add smart refrigerators that send an alert when you’re running low on milk, cars that text to say the coolant level is low, and other devices equipped with integrated sensors that allow them to communicate via GPS, RFID, Wi-Fi and other protocols.

Networked security systems fall into this expanding information network known as “the Internet of Things” or IoT. This growing network is impacting the way security systems operate, creating opportunities for new business models, improving business processes, and reducing costs and risks.

The Traditional Versus the Present

Traditional, old-style integrations feature one-to-one connections between systems for data exchange, with data most often able to flow in just one direction at a time. Today’s systems, however, allow data to move in a stream of simultaneous, complex conversations as devices talk and listen to each other. Acting independently, they listen for specific events to occur, and then, the system takes action based on the information received. Rather than a simple pipe between systems, these new-style interactions are distributed with information and data flowing in several directions between multiple systems, all at the same time.

Under this new paradigm, an ID card swipe can be much more than a means of opening a door. If the access control system is part of an integrated, interconnected building system, there are a number of events that simple card swipes could trigger. For example, a video analytics system may be used to determine if the person at the door is the cardholder or if anyone else enters the building on that single card swipe. Meanwhile, an intelligent building control system can send an elevator to the entry floor and turn on lights and HVAC systems in the area of the building appropriate to that individual’s identity. The access control system could notify the IT department to expect the cardholder to log-in to the system shortly or send an alert if they do not.

These are just some of the possible activities that could come from a single ID card swipe. The data generated by the swipe could be stored in a centralized location or within each of the separate systems— or even both.

Opportunities in Big Data

Nearly all systems, including security, are connected to the Internet, and are generating large amounts of data. The information an organization could gather from this extensive amount of data is tremendous. So, when talking about data being big, we’re not just talking about its size, but also the opportunities it presents.

Using the extensive data gathered from every transaction or event, organizations can gain insights that, with the right analysis, can make their operations more agile and answer questions previously considered beyond their reach—or even conjure up questions no one had ever thought to ask. This could lead to new business models, improved business processes, and reduced costs and risks.

These massive amounts of data have several important implications for security. When properly sorted, searched and executed, data becomes intelligence. This intelligence becomes incredibly useful, whether it’s used for business, law enforcement or another entity, and must be protected by both logical and physical means. Because of this, interaction, cooperation and collaboration between security and IT is promoted to manage data, including where it will be stored, how it will be accessed, who can access what data, and from where.

Data is the root of all decisions, whether for security or for organizations as a whole. So, it would stand to reason that the more data an organization collects, the more informed leadership or management will be; and by extension, the better their decisions will be. Unfortunately, this is not always the case.

Security Organizations in Relation to Big Data

Many security operations don’t act the way they should in relation to big data. Five to 10 years ago, security groups and protection of systems relied on data to develop processes, functions and policies to strengthen security. However, at that time, there was nowhere near the amount of data to collect and analyze as there is today. In relation to big data, security groups, or data in general, are now classified as high-volume, high-variety and high-velocity data, meaning lots of data from a variety of sources, occurring constantly. For security purposes, we still rely on that data, but the problem is that it’s often just too much to handle properly.

For many organizations, simply organizing the vast quantity of security- and incident-related data, let alone analyzing it and using it to make smart decisions, poses a tremendous challenge. Many lack a comprehensive approach to making sense of all this data, and as a result end up missing potential opportunities and benefits that it presents.

The main problem is that a lot of systems today weren’t designed to handle the large amounts of data being generated. These old-school solutions aren’t capable of collecting and analyzing this data fast enough to be of use to security organizations. After an incident occurs, this lack of functionality is often communicated as, “We didn’t have the data to know that might happen.” The data was there; there was just no way to extract and analyze it to uncover trends and identify potential threats and risks that could have been addressed to prevent the incident from occurring.

So, how can security organizations gather and make sense of data that’s collected in a way that’s going to be useful for eliminating or mitigating potential threats and risks?

Incident Management Comes into Play

At its core, incident management is about capturing, managing and analyzing data to make informed decisions—regardless of the amount of data that’s been collected. The incident, investigation and case management space has become the central repository for important data as it relates to planning counter-measures, and making intelligent decisions regarding security and risk management.

Currently, there is an unprecedented level of enterprise data capture, analytics and trending tools used in security for massive datasets. A robust incident management system turns the challenge of big data—generated by video feeds, alerts and notifications, triggers, sensors, alarm data—into a major asset for security operations and the entire organization.

Integrated incident management solutions collect, analyze and report on security and enterprise data, enabling organizations to quickly and easily perform a number of important functions related to incidents including planning, preparation, identification, response, management, documentation, collaboration, investigation, analysis and reporting.

The right tools automate the massive tasks of data collection and integration for security operations. The end result is a higher level of preparedness at both the security and organizational levels that enables intelligent and informed decision making, in addition to mitigating or eliminating risks and threats.

This article originally appeared in the November 2014 issue of Security Today.