May 17, 2013

Security executives are stepping in line and forming their own strategies, approaches, and use cases to achieve that new competitive edge. CISO’s are conquering this frontier by reducing risk and fraud, whether it stems from cyber data loss or questionable customer transactions.

In general, businesses have made progress in laying the foundations for the required technical data-mart infrastructure and the organization structure to support big data security initiatives. And yet, there is much work to be done in other component areas of the complex journey of building the successful security program.

Organizations can benefit by leveraging existing skilled and proven data scientists from within the core business community to propel the journey forward.

Here are seven ways that CISOs of banking institutions can leverage the Security Data Scientist:

  • Blueprint the program: Most security and Big Data experts agree that starting with a blueprint for a holistic cyber security program is key. Tenets of this blueprint start with understanding business requirements first, then the infrastructure and data sources. Quantitative analysis is later performed to support the business opportunity.
  • Define Use Cases: Identify the criteria for success through business use cases tying back to bigger business drivers and objectives. In the banking and financial services industries this can often be tied to imperatives such as the mitigation of data loss, reduction of fraud, and the identification of low profile cyber-attacks.
  • Understand the current implementation level: Most organizations have early forms of big data solutions in-house, and it only makes sense to get educated on their implementation and how they stack up against industry standards. This is a logical starting point of the program.
  • Merge business and security data: To bring about a data rich view of enterprise security, business information should be merged with security information. The technology platform should support the collection of all information, structured and unstructured, in a centralized repository.
  • Identify long range technologies: It is important to evaluate technologies and tools currently in play using a long range lens for inclusion in the program. Move away from point products that don’t have a long life value to the program; accommodate technologies that do. Internal business experts in data science can help create the foundations for the security data management program. Data scientists have long associations with backbone banking functions such as financial performance, risk management, and operational management. These scientists are better positioned to present a holistic view of the business and integrate security across silos.
  • Identify skills and expertise: : Staffing the big data security program is paramount as these resources will provide the ongoing viability of the program. The role of security data scientist intersects two high demand areas: Big Data and cyber security. The qualified security data scientist must be able to apply skills and technologies to security risk in the world of finance. As it may be difficult to find staff in both skill areas it may be necessary to blend people with data skills with people with security skills.

    They will formulate trends, point to keen insights and conclusions, and make recommendations for business decisions. They will assist Security Operations in the early identification of brewing cyber-attacks or even questionable behaviors of employees, clients and partners.

  • Sponsorship: Studies have shown there is a changing pattern of executive sponsorship. Most big data security efforts are driven by the CIO or CISO as the early stages are related to technology adoption. As organizations advance to a mature big data security program, and the value proposition is realized, sponsorship will likely gain support from other business units and executive levels.

Big Data means many things to many people. It crosses the technology realm into the business realm. The early e-commerce adopters of large scale Big D fraud detection have realized very tangible and measureable results. As customer profiles for ad agencies are generated in sub-second response time, it is imaginable to do the same for transaction scoring. It is time to jump on the big data band wagon.

Lynn Price is a Banking and Financial Services Security Specialist at IBM