Stored digital data is doubling every two years reaching one zettabyte last year equivalent to 4.9 quadrillion books. Over 1 billion devices will be connected to the internet this year. Each one of them will start churning out heaps of data. While the most common analytics are based on structured data, the real goldmine is in unstructured data that is 5 times larger and growing 3 times faster. Art Coviello, executive chairman of RSA, the security division of EMC, talks about how Big Data is addressing security challenges. Excerpts.
Hackers are getting increasingly sophisticated. How are security companies like yours gearing up to tackle newer challenges?
Historically, our security infrastructure has been able to act and react against known threats. In the last five years, IT infrastructure has changed dramatically with cloud, mobility, web applications and social media. We are preparing ourselves to respond to newer challenges in the threat landscape including the unknown. I don't mean to imply that we are headed to some security utopia .
How does intelligence-based security system detect attacks in an evolving threat landscape?
With cloud and mobility, there's no discernible perimeter . In an intelligence-driven security system, there's a thorough understanding of risk based on predictive analytics . The ability to analyse vast streams of data from numerous sources will result in intelligent information. For instance, if you look at our risk-based authentication at HDFC in India, it will not only identify you based on the device you log in from, but also by geography and IP address.
How is the CIO's office gearing up for an all-new security landscape?
One question I often ask is how chief information officers are spending their security budgets. And most of them don't know the split in terms of prevention, detection and response. In a perimeter system, about 70% of the pie is spent on prevention, 20% on detection and 10% on responding to attacks. The pie has to be better balanced in an intelligent-based security system.
How can India prevent repeated instances of financial frauds?
The Indian government should come up with prescriptive regulations around digital certificates and signatures. Such initiatives will secure Unique ID (UID) data. But the bigger challenge is to protect those biometric credentials without getting compromised .
(This correspondent was in San Francisco at the invitation of RSA)