Does your organization have someone who always brings up the risks and dangers of storing data? A Chief Privacy Officer, a Chief Security Officer, or a Chief Risk Officer? There is a reason those are C-level jobs. And as hundreds of organizations have learned the hard way, “data spills” can be catastrophic to an organization’s public image.
Many organizations control data that isn’t really theirs. This could include:
- Data licensed under potentially complicated contract terms.
- Data generated by users, and governed by privacy policies.
- Data covered by legal regulations, administrative law, and judicial precedents and orders of all kinds.
Each of these constraints represents a different kind of risk to your organization. And they all require a consistent, provable, secure way of managing those risks.
An unimpeachable chain of custody can be hard enough to maintain when all your data fits in a file cabinet. What about when it is measured in the billions of records? Who is looking at the data, and what are they searching for? What transformations have been applied to the data, and where was the data exposed to potential abuses and attacks?
Maintaining a defensible, forensic approach to security within a big data system can become a big data problem in itself. When this problem surfaces in your environment, you have crossed into the realm of Extreme Compliance.