Big Data in a Security Context
Today the term Big Data is starting to draw a lot of attention from technology professionals, but behind the hype there’s a simple story.
For decades, large companies have been making business decisions based on historical data stored in a variety of databases. Beyond this critical data, however, is a potential goldmine of non-traditional, less structured and previously unrelated data that can be mined for useful information. Decreases in the cost of both storage and computing power have made it feasible to collect this data – which would have been thrown away only a few years ago. As a result, more and more companies are looking to link data that was previously thought to be unrelated, and to begin applying smart business intelligence analysis to provide quality management information.
Traditional security processes and systems have the potential to generate a huge amount of Big Data, but Big Data in isolation is meaningless. The end goal has to be the provision of risk-based information allowing improved security decision making – based on prioritised, actionable insight derived from Big Data. Based upon information from traditional IT data mining, the amount of data available to be analysed by corporate security departments is likely to double every year through to 2016 – and coupled with other relevant Facility and Risk Management data the task may seem impossible.
Over the last several years a category of cloud-based hosted solution software that provides an integration platform and applications has been created. These systems are designed to integrate multiple security applications and devices and control them through one comprehensive user interface. The software collects and correlates events from existing disparate security, facility management, risk and information systems to enable personnel to identify and proactively resolve situations. The system acts as a central repository for data and manipulates the data to produce actionable information using a sophisticated work rules engine. The integration of applications across security, risk and facility management provides numerous organisational benefits, including increased control, improved situational awareness, and timely and accurate management reporting. Ultimately, these cloud-based solutions allow organisations to reduce costs through improved efficiency and to improve security through increased intelligence.
Typically the central repository software comprises a suite of tools which has six key capabilities:
- Collection: The software collects data from any number of existing disparate systems.
- Analysis: The system analyses and correlates the data, events and activities, to identify the real situations and their priority based upon defined work rules.
- Verification: The software presents the relevant situation information in a quick and easily-digestible format for an operator to review and validate.
- Resolution: The system provides mitigation actions and step-by-step instructions based on best practices and an organisation’s policies, and tools such as a risk audit tool to resolve the situation.
- Reporting: The software tracks all the information and steps for compliance reporting, training and, potentially, in-depth investigative analysis.
- Audit trail: The software also monitors how each user interacts with the system, tracks any manual changes to associated systems and manages reaction times for each event.
A key differential between this Big Data approach and other forms of physical security system integration is the ability for a single software platform to connect security, facility and risk management systems at a data level rather than simply interfacing a limited number of products.
The goal of a Big Data analytics software tool is to provide a risk-based security intelligence platform that allows a stronger decision making process and not simply to gather more data! To do this effectively, the solution must be able to reflect a whole series of company-specific work rules and distil down vast amounts of data into meaningful security intelligence.
So, in the context of security, how can this approach really help?
A true Big Data security platform is based around adding business value, and its ability to link into other business systems allows it to increase overall business performance. The potential impact to a business of a security breach could now be too far-reaching to keep related data previously perceived as unimportant down at the operational level. In-depth and specialised reporting used in conjunction with a robust work rules engine using simple built-in tools can easily generate a variety of instant notifications to alert any number of colleagues to an event, and allow the appropriate resources to be deployed to ensure speedy resolution.
A significant added value of a cloud-based platform of this type is its ability to guide an operator through the process of managing incidents. This is typically put in place to ensure security and operational staff comply with processes put in place to meet company risk management policies, and to ensure compliance with legal frameworks and the requirements of regulatory bodies. Often the need to enforce regulatory compliance is the key value driver of this type of solution. This could be as simple as managing the audit process of access control rights to secure areas or reporting on potential Health and Safety incidents. Alternatively, it could be as far-reaching as managing compliance to Emergency Action Plans, where data taken from an existing access control system is referenced to the requirements of an Emergency Action Plan in order to highlight in real time shortfalls in qualified first aiders or fire marshals.
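The Emergency Action Plan check described above can be sketched as a single work rule. This is an added example, not code from the article or from any particular product; the badge IDs, zone name, role names, minimums and event records are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: qualifications per badge holder (e.g. from training records).
QUALIFICATIONS = {"E100": {"first_aider"}, "E101": {"fire_marshal"},
                  "E102": set(), "E103": {"first_aider", "fire_marshal"}}

# Hypothetical plan rule: minimum qualified staff per zone while it is occupied.
EAP_MINIMUMS = {"first_aider": 1, "fire_marshal": 1}

# Constructed access control events: (ISO timestamp, badge holder, zone, direction).
EVENTS = [
    ("2024-03-01T08:00:00", "E102", "Floor1", "in"),
    ("2024-03-01T08:05:00", "E100", "Floor1", "in"),
    ("2024-03-01T08:10:00", "E101", "Floor1", "in"),
    ("2024-03-01T12:00:00", "E100", "Floor1", "out"),
    ("2024-03-01T12:30:00", "E103", "Floor1", "in"),
    ("2024-03-01T17:00:00", "E101", "Floor1", "out"),
    ("2024-03-01T17:05:00", "E103", "Floor1", "out"),
    ("2024-03-01T17:10:00", "E102", "Floor1", "out"),
]

def eap_shortfalls(events, qualifications, minimums):
    """Replay badge events in time order; alert when a zone enters a shortfall."""
    present = defaultdict(set)   # zone -> badge holders currently inside
    open_shortfalls = set()      # (zone, role) pairs already alerted and unresolved
    alerts = []
    for ts, person, zone, direction in sorted(events):
        if direction == "in":
            present[zone].add(person)
        else:
            present[zone].discard(person)
        for role, minimum in minimums.items():
            # Unknown badge holders count as unqualified rather than raising.
            have = sum(role in qualifications.get(p, set()) for p in present[zone])
            short = bool(present[zone]) and have < minimum  # empty zones are exempt
            key = (zone, role)
            if short and key not in open_shortfalls:
                open_shortfalls.add(key)   # alert once per shortfall, not per event
                alerts.append((ts, zone, role, have, minimum))
            elif not short:
                open_shortfalls.discard(key)
    return alerts

if __name__ == "__main__":
    for alert in eap_shortfalls(EVENTS, QUALIFICATIONS, EAP_MINIMUMS):
        print("SHORTFALL at %s in %s: %s %d/%d" % alert)
```

The rule alerts only on the transition into a shortfall, so an operator sees one notification per gap rather than one per badge swipe.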
Ultimately, a Big Data approach must provide an ability to link vast amounts of security, risk and property-related data and present it in such a way that the security and risk professionals can understand and address risk in real time in a way that reflects their business. It’s a challenge that many organisations will need to take on, particularly in the financial sector and for those other organisations with a high level of security risk and regulatory pressure. Success will come from careful definition of objectives and selection of the right software platform to bring together all of the relevant security, risk and facility data.