Perhaps, but with some caveats. Big Data offers big opportunities to improve investigations, according to numerous CSOs and CISOs, but they say it also brings new responsibilities and big risks. As is often the case, technology tends to outrace the ability of people and systems to manage and control it, and the ability of government to regulate it effectively.
Risks you don't see coming
Kim Jones, senior vice president and CSO of Vantiv, a payment processing firm based in Cincinnati, welcomes the ability to access, aggregate and analyze much more information, saying it should let him, "walk through the details of an incident with greater clarity and certainty than in past, and more quickly. I believe those opportunities exist, and the tool sets are available to make them happen."
But, his enthusiasm is tempered by the reality that different sets of data that used to be segregated can, when combined and aggregated, "create security, privacy and regulatory problems within our environment. Individually, items are fine, but when they're aggregated, they're not,"
An example, he said, is different pieces of data about a person contained in multiple databases that are meant to be kept separate. "But if I have one person who has authorization for all of that data, and can pull it into an aggregator, I may create a scenario where I have data that is more sensitive than the individual parts," he said. "HIPAA (Health Insurance Portability and Accountability Act) talks about this, where data separate is not PII (Personally Identifiable Information) but when you pull it together, it is.
"I believe 95 percent of the companies out there are not up to speed on that," Jones said.
Not that Big Data is the newest buzzword on the block. It has been widely covered in the mainstream media for its marketing value. It has even reached the point where Svetlana Sicular, research director at Gartner, wrote in a recent blog post that according to the "Gartner Hype Cycle curve," Big Data has passed the "peak of inflated expectations" and fallen into the "trough of disillusionment."
This, she hastened to add, does not mean Big Data is obsolete or even has declining relevance —only that the view of its users is "maturing" to a more realistic view of its value. But when it comes to investigations, there is general agreement that the ability of enterprises and government regulators to control and manage it still has a ways to go to achieve maturity.
So far, Big Data is not a major tool, at least directly, of the federal Department of Health and Human Service's (HHS) Office of Civil Rights (OCR), which investigates alleged violations of HIPAA.
Sign up for Computerworld eNewsletters.