{"id":25821,"date":"2021-03-23T06:00:00","date_gmt":"2021-03-23T13:00:00","guid":{"rendered":"https:\/\/insidebigdata.com\/?p=25821"},"modified":"2021-03-24T08:37:38","modified_gmt":"2021-03-24T15:37:38","slug":"protecting-your-data-lake-requires-a-new-mindset","status":"publish","type":"post","link":"https:\/\/insidebigdata.com\/2021\/03\/23\/protecting-your-data-lake-requires-a-new-mindset\/","title":{"rendered":"Protecting Your Data Lake Requires a New Mindset"},"content":{"rendered":"\n

If you work in corporate IT, you can\u2019t help but be aware that 2020 was a terrible year<\/a> for data security and most of the rest of humanity. Many reasons have been put forward for this, most of which focus on short-term factors \u2013 the pandemic leading to an increase in phishing attacks, mainly.<\/p>\n\n\n\n

Look a little deeper into these hacks, however, and you\u2019ll spot a more fundamental, longer-term pattern at play. Though phishing remains as effective as ever, the quantity of data breached in 2020 was partially also a consequence of just how much data is now stored in large data lakes that lack internal security measures. This means that if an attacker gains access to a system, they can move around within it very easily.<\/p>\n\n\n\n

This is not a new observation. It has led some, in fact, to question whether they actually need a data lake<\/a>. While the answer is often positive, this doesn\u2019t mean you\u2019re doomed to the certainty of successful cyber attacks – as long as you are not relying on hope as a strategy<\/a>, that is.<\/p>\n\n\n\n

  1. The Security Onion<\/strong><\/li><\/ol>\n\n\n\n

    Here\u2019s the way that a lot of organizations still think of data security. The need to centralize data pulls multiple discrete databases together into a data lake, either to improve access to data or as part of a mergers and acquisitions process<\/a>. This leads to multiple types of data \u2013 each with their own access and security typologies \u2013 being housed in a large, undifferentiated mass on a server. The solution? Throw up a security cordon around the whole lot and then write an API to pull out the data that you actually need into a data lake.<\/p>\n\n\n\n

    Over time, multiple iterations of this process can lead to a security \u201carchitecture\u201d (though maybe it\u2019s a stretch to use that term here!) which looks a little like an onion. That is, with multiple systems nested inside each other, each protected with it\u2019s own \u201csecurity layer.\u201d<\/p>\n\n\n\n

    The problem with this approach is two-fold. One is that it is simply a waste of resources, both in terms of money spent on security solutions and in terms of the time that you will spend working with such a complex system. The second is that it is not secure.<\/p>\n\n\n\n

    1. Data Lakes as Hacking Shortcuts<\/strong><\/li><\/ol>\n\n\n\n

      In order to see why, it helps to go back to basics, and to think about how data lakes were supposed to work. Back when they first emerged as a practical concept, the idea was that data would be pulled into a temporary data lake<\/a>, processed, and would then disappear. The problem is that, for many organizations, data lakes are no longer a temporary invocation. They are, for all intents and purposes, permanent data structures.<\/p>\n\n\n\n

      Like its namesake, a data lake is a single repository of a large amount of something in an unmanaged state. It creates the tendency to throw large amounts of data into one place and then pull and analyze as needed. Data analysis and hacking are both so convenient because all the data is in one place.<\/p>\n\n\n\n

      This means that they are very \u201cuseful\u201d tools for hackers. Some of the most massive data breaches in history<\/a> occurred AFTER hackers were able to gain access to a large repository of unprotected data online, then use it\u2019s privileges to move into the databases it pulls from. Because this data was presumed to be protected by a perimeter security \u201cwall,\u201d once inside the hacker is granted a large degree of lateral freedom. In other words, data lakes act as a shortcut into the heart of the onion.<\/p>\n\n\n\n

      So what\u2019s the solution? Well, many would continue with the same flawed logic we\u2019ve seen above, and say: wrap your data lake in another layer of security. Encase your entire system, data lake and all, in yet another layer of perimeter security. <\/p>\n\n\n\n

      1. Keep it Temporary<\/strong><\/li><\/ol>\n\n\n\n

        There are a few reasons why you shouldn\u2019t do that. One is that adding yet another layer of security around a lake undermines the ease of access that is the whole reason you are using a data lake. The second is that you are adding another layer of complexity that you will have to manage, and unless you are one of the very few who are receiving real-time analytics from your data lake<\/a>, you are unlikely to have the time, skill, or other resources necessary to manage intrusion attempts.<\/p>\n\n\n\n

        At a more fundamental level, however, building a perimeter security system for a data lake should be an inherently absurd suggestion, because data lakes are supposed to be temporary. Also, and as you likely point out when you help your clients with cybersecurity, simple security is generally better security. <\/p>\n\n\n\n

        Therefore, you should recognize the value of data lakes lies in providing quick, effective access to the heterogeneous data you manage, though you should also recognize that they are an inherent security risk. In other words, use them carefully. Above all, this means using them in the way they were intended \u2013 invoking them quickly, performing the necessary analysis, and then closing them down just as quickly.<\/p>\n\n\n\n

        That might represent a change of mindset for many administrators, and particularly those of the younger generation. Data lakes have represented a temptation for many years now, and it\u2019s a temptation that many of us have fallen for. As a result, our lakes are less like the temporary lakes of summer showers, and more like the ancient, eternal lakes of alpine valleys.<\/p>\n\n\n\n

        1. The Future<\/strong><\/li><\/ol>\n\n\n\n

          The importance of this lesson will only grow in the coming years. Despite some of the challenges that they represent, and not least when it comes to security, no-one seriously doubts the future of the concept. Data lakes are the future of data warehousing<\/a>, whether we like it or not.<\/p>\n\n\n\n

          That\u2019s all the more reason to learn to use them properly. Make sure your data lakes are temporary and disappear as quickly as they are invoked. This will keep your systems much, MUCH more secure. <\/p>\n\n\n\n

          About the Author<\/strong><\/p>\n\n\n\n

          \"\"<\/figure><\/div>\n\n\n\n

          Bernard Brode has spent a lifetime delving into the inner workings of cryptography and now explores the confluence of nanotechnology, AI\/ML, and cybersecurity.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

          In this contributed article, technologist Bernard Brode discusses how protecting your data lake requires a new mindset. Some have questioned whether they actually need a data lake. While the answer is often positive, this doesn\u2019t mean you\u2019re doomed to the certainty of successful cyber attacks – as long as you are not relying on hope as a strategy, that is.<\/p>\n","protected":false},"author":37,"featured_media":23458,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[115,68,87,180,56,97,1],"tags":[336,96],"acf":[],"yoast_head":"\nProtecting Your Data Lake Requires a New Mindset - insideBIGDATA<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/insidebigdata.com\/2021\/03\/23\/protecting-your-data-lake-requires-a-new-mindset\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Protecting Your Data Lake Requires a New Mindset - insideBIGDATA\" \/>\n<meta property=\"og:description\" content=\"In this contributed article, technologist Bernard Brode discusses how protecting your data lake requires a new mindset. Some have questioned whether they actually need a data lake. While the answer is often positive, this doesn\u2019t mean you\u2019re doomed to the certainty of successful cyber attacks - as long as you are not relying on hope as a strategy, that is.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/insidebigdata.com\/2021\/03\/23\/protecting-your-data-lake-requires-a-new-mindset\/\" \/>\n<meta property=\"og:site_name\" content=\"insideBIGDATA\" \/>\n<meta property=\"article:publisher\" content=\"http:\/\/www.facebook.com\/insidebigdata\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-23T13:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-03-24T15:37:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/insidebigdata.com\/wp-content\/uploads\/2019\/10\/data-lakes_SHUTTERSTOCK.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"200\" \/>\n\t<meta property=\"og:image:height\" content=\"200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Daniel Gutierrez\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@AMULETAnalytics\" \/>\n<meta name=\"twitter:site\" content=\"@insideBigData\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Daniel Gutierrez\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/insidebigdata.com\/2021\/03\/23\/protecting-your-data-lake-requires-a-new-mindset\/\",\"url\":\"https:\/\/insidebigdata.com\/2021\/03\/23\/protecting-your-data-lake-requires-a-new-mindset\/\",\"name\":\"Protecting Your Data Lake Requires a New Mindset - insideBIGDATA\",\"isPartOf\":{\"@id\":\"https:\/\/insidebigdata.com\/#website\"},\"datePublished\":\"2021-03-23T13:00:00+00:00\",\"dateModified\":\"2021-03-24T15:37:38+00:00\",\"author\":{\"@id\":\"https:\/\/insidebigdata.com\/#\/schema\/person\/2540da209c83a68f4f5922848f7376ed\"},\"breadcrumb\":{\"@id\":\"https:\/\/insidebigdata.com\/2021\/03\/23\/protecting-your-data-lake-requires-a-new-mindset\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/insidebigdata.com\/2021\/03\/23\/protecting-your-data-lake-requires-a-new-mindset\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/insidebigdata.com\/2021\/03\/23\/protecting-your-data-lake-requires-a-new-mindset\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/insidebigdata.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Protecting Your Data Lake Requires a New Mindset\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/insidebigdata.com\/#website\",\"url\":\"https:\/\/insidebigdata.com\/\",\"name\":\"insideBIGDATA\",\"description\":\"Your Source for AI, Data Science, Deep Learning & Machine Learning Strategies\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/insidebigdata.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/insidebigdata.com\/#\/schema\/person\/2540da209c83a68f4f5922848f7376ed\",\"name\":\"Daniel Gutierrez\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/insidebigdata.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5780282e7e567e2a502233e948464542?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5780282e7e567e2a502233e948464542?s=96&d=mm&r=g\",\"caption\":\"Daniel Gutierrez\"},\"description\":\"Daniel D. Gutierrez is a Data Scientist with Los Angeles-based AMULET Analytics, a service division of AMULET Development Corp. He's been involved with data science and Big Data long before it came in vogue, so imagine his delight when the Harvard Business Review recently deemed \\\"data scientist\\\" as the sexiest profession for the 21st century. Previously, he taught computer science and database classes at UCLA Extension for over 15 years, and authored three computer industry books on database technology. He also served as technical editor, columnist and writer at a major computer industry monthly publication for 7 years. Follow his data science musings at @AMULETAnalytics.\",\"sameAs\":[\"http:\/\/www.insidebigdata.com\",\"https:\/\/twitter.com\/@AMULETAnalytics\"],\"url\":\"https:\/\/insidebigdata.com\/author\/dangutierrez\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Protecting Your Data Lake Requires a New Mindset - insideBIGDATA","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/insidebigdata.com\/2021\/03\/23\/protecting-your-data-lake-requires-a-new-mindset\/","og_locale":"en_US","og_type":"article","og_title":"Protecting Your Data Lake Requires a New Mindset - insideBIGDATA","og_description":"In this contributed article, technologist Bernard Brode discusses how protecting your data lake requires a new mindset. Some have questioned whether they actually need a data lake. While the answer is often positive, this doesn\u2019t mean you\u2019re doomed to the certainty of successful cyber attacks - as long as you are not relying on hope as a strategy, that is.","og_url":"https:\/\/insidebigdata.com\/2021\/03\/23\/protecting-your-data-lake-requires-a-new-mindset\/","og_site_name":"insideBIGDATA","article_publisher":"http:\/\/www.facebook.com\/insidebigdata","article_published_time":"2021-03-23T13:00:00+00:00","article_modified_time":"2021-03-24T15:37:38+00:00","og_image":[{"width":200,"height":200,"url":"https:\/\/insidebigdata.com\/wp-content\/uploads\/2019\/10\/data-lakes_SHUTTERSTOCK.jpg","type":"image\/jpeg"}],"author":"Daniel Gutierrez","twitter_card":"summary_large_image","twitter_creator":"@AMULETAnalytics","twitter_site":"@insideBigData","twitter_misc":{"Written by":"Daniel Gutierrez","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/insidebigdata.com\/2021\/03\/23\/protecting-your-data-lake-requires-a-new-mindset\/","url":"https:\/\/insidebigdata.com\/2021\/03\/23\/protecting-your-data-lake-requires-a-new-mindset\/","name":"Protecting Your Data Lake Requires a New Mindset - insideBIGDATA","isPartOf":{"@id":"https:\/\/insidebigdata.com\/#website"},"datePublished":"2021-03-23T13:00:00+00:00","dateModified":"2021-03-24T15:37:38+00:00","author":{"@id":"https:\/\/insidebigdata.com\/#\/schema\/person\/2540da209c83a68f4f5922848f7376ed"},"breadcrumb":{"@id":"https:\/\/insidebigdata.com\/2021\/03\/23\/protecting-your-data-lake-requires-a-new-mindset\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/insidebigdata.com\/2021\/03\/23\/protecting-your-data-lake-requires-a-new-mindset\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/insidebigdata.com\/2021\/03\/23\/protecting-your-data-lake-requires-a-new-mindset\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/insidebigdata.com\/"},{"@type":"ListItem","position":2,"name":"Protecting Your Data Lake Requires a New Mindset"}]},{"@type":"WebSite","@id":"https:\/\/insidebigdata.com\/#website","url":"https:\/\/insidebigdata.com\/","name":"insideBIGDATA","description":"Your Source for AI, Data Science, Deep Learning & Machine Learning Strategies","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/insidebigdata.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/insidebigdata.com\/#\/schema\/person\/2540da209c83a68f4f5922848f7376ed","name":"Daniel Gutierrez","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/insidebigdata.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/5780282e7e567e2a502233e948464542?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5780282e7e567e2a502233e948464542?s=96&d=mm&r=g","caption":"Daniel Gutierrez"},"description":"Daniel D. Gutierrez is a Data Scientist with Los Angeles-based AMULET Analytics, a service division of AMULET Development Corp. He's been involved with data science and Big Data long before it came in vogue, so imagine his delight when the Harvard Business Review recently deemed \"data scientist\" as the sexiest profession for the 21st century. Previously, he taught computer science and database classes at UCLA Extension for over 15 years, and authored three computer industry books on database technology. He also served as technical editor, columnist and writer at a major computer industry monthly publication for 7 years. Follow his data science musings at @AMULETAnalytics.","sameAs":["http:\/\/www.insidebigdata.com","https:\/\/twitter.com\/@AMULETAnalytics"],"url":"https:\/\/insidebigdata.com\/author\/dangutierrez\/"}]}},"jetpack_featured_media_url":"https:\/\/insidebigdata.com\/wp-content\/uploads\/2019\/10\/data-lakes_SHUTTERSTOCK.jpg","jetpack_shortlink":"https:\/\/wp.me\/p9eA3j-6It","jetpack-related-posts":[{"id":13708,"url":"https:\/\/insidebigdata.com\/2015\/09\/23\/data-swamp-or-data-lake-five-key-questions-before-you-dive-in\/","url_meta":{"origin":25821,"position":0},"title":"Data Swamp or Data Lake? Five Key Questions Before You Dive In","date":"September 23, 2015","format":false,"excerpt":"In this contributed article, Prat Moghe, CEO and founder of Cazena, dives into the different ways companies use data lakes, with real-world examples. Prat will share practical issues to consider upfront, as well as hidden gotchas that can drain the success out of a project.","rel":"","context":"In "Big Data"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":15480,"url":"https:\/\/insidebigdata.com\/2016\/07\/13\/new-enterprise-data-lake-management-platform-delivers-enterprise-grade-hadoop\/","url_meta":{"origin":25821,"position":1},"title":"New Enterprise Data Lake Management Platform Delivers Enterprise-Grade Hadoop","date":"July 13, 2016","format":false,"excerpt":"Organizations can now efficiently and securely set up, deploy and manage a Hadoop-based data lake with the new version of Podium, the enterprise-ready management platform from Podium Data.","rel":"","context":"In "Big Data"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":13050,"url":"https:\/\/insidebigdata.com\/2015\/04\/30\/the-rise-of-the-data-lake-in-support-of-the-industrial-internet-part-1\/","url_meta":{"origin":25821,"position":2},"title":"The Rise of the Data Lake in Support of the Industrial Internet (Part 1)","date":"April 30, 2015","format":false,"excerpt":"Data lakes are enterprise-wide data management platforms designed for storing and analyzing vast amounts of information from disparate data sources in their native format. The idea is to place data into a data lake in their native structure instead of a repository built for a specific purpose such as a\u2026","rel":"","context":"In "Big Data"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":33339,"url":"https:\/\/insidebigdata.com\/2023\/09\/07\/navigating-data-lake-challenges-governance-security-and-gdpr-compliance\/","url_meta":{"origin":25821,"position":3},"title":"Navigating Data Lake Challenges: Governance, Security, and GDPR Compliance","date":"September 7, 2023","format":false,"excerpt":"In this contributed article, Coral Trivedi, Product Manager at Fivetran, discusses how enterprises can get the most value from a data lake. The article discusses automation, security, pipelines and GSPR compliance issues.","rel":"","context":"In "Big Data"","img":{"alt_text":"","src":"https:\/\/i0.wp.com\/insidebigdata.com\/wp-content\/uploads\/2023\/08\/Data_center_shutterstock_1062915266_special.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":22539,"url":"https:\/\/insidebigdata.com\/2019\/04\/27\/okera-introduces-attribute-based-access-control-for-data-lake-security-and-access-management\/","url_meta":{"origin":25821,"position":4},"title":"Okera Introduces Attribute-Based Access Control for Data Lake Security and Access Management","date":"April 27, 2019","format":false,"excerpt":"Okera, a leading active data management company for data lake security and governance, announced the release of new attribute-based access control (ABAC) and automated business metadata tagging and policy enforcement capabilities. These new features help enterprises simplify how to manage, secure, and govern data access on data lakes at scale\u2026","rel":"","context":"In "Big Data"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":17300,"url":"https:\/\/insidebigdata.com\/2017\/03\/02\/zaloni-continues-redefine-data-lake\/","url_meta":{"origin":25821,"position":5},"title":"Zaloni Continues to Redefine the Data Lake","date":"March 2, 2017","format":false,"excerpt":"With the latest release of its Bedrock Data Lake Management Platform and its Mica Self-service Data Platform, Zaloni continues to establish itself as a leader in the space by pushing the boundaries of what defines a \u201cdata lake,\u201d expanding beyond Hadoop to encompass a more holistic, enterprise-wide approach.","rel":"","context":"In "Big Data"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/insidebigdata.com\/wp-json\/wp\/v2\/posts\/25821"}],"collection":[{"href":"https:\/\/insidebigdata.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/insidebigdata.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/insidebigdata.com\/wp-json\/wp\/v2\/users\/37"}],"replies":[{"embeddable":true,"href":"https:\/\/insidebigdata.com\/wp-json\/wp\/v2\/comments?post=25821"}],"version-history":[{"count":0,"href":"https:\/\/insidebigdata.com\/wp-json\/wp\/v2\/posts\/25821\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/insidebigdata.com\/wp-json\/wp\/v2\/media\/23458"}],"wp:attachment":[{"href":"https:\/\/insidebigdata.com\/wp-json\/wp\/v2\/media?parent=25821"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/insidebigdata.com\/wp-json\/wp\/v2\/categories?post=25821"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/insidebigdata.com\/wp-json\/wp\/v2\/tags?post=25821"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}