Cloud Security: 'Big Data' Leak Prevention Essentials

   

29 Oct 2019

Cloud Security: 'Big Data' Leak Prevention Essentials

Bank Info Security

Elastic's James Spiteri on Keeping Cloud Buckets and Databases Secure

Big data analytics and search tools give organizations the ability to analyze information faster than ever before. But too many organizations deploy Elasticsearch, Amazon S3 buckets, MongoDB and other cloud-based databases in a manner that leaves the data being stored exposed to the internet for anyone to see. That's despite many of these tools explicitly not exposing data by default, meaning administrators must disable built-in security controls.

"What we're seeing, especially with the advent of cloud computing just making things much easier to access over the internet, [is that] members of organizations spin up new services and they might not be too familiar with them," James Spiteri, a solutions architect and cybersecurity specialist at Elastic, which offers Elasticsearch, says in an interview with Information Securty Media Group.

Unfortunately, this can lead to administrators inadvertently exposing massive amounts of data to the internet.

"Sometimes it happens because not many people are fully aware of how the internet functions; other times it happens because they're rushed into doing something and they just bypass all of the security features," he says. "So there are many reasons why this happens, and unfortunately it can have catastrophic effects; we see new breaches every single day."

In this interview (Audio link here), Spiteri discusses:

  • Preventing inadvertent exposure of data being stored online in cloud-based buckets or databases;
  • Essential security controls for safeguarding data being stored in the cloud;
  • The growing use of big data tools such as Elasticsearch for security analytics and to perform threat hunting.

Spiteri is a solutions architect for Elastic, where he also serves as the company's cybersecurity specialist for Europe, the Middle East and Africa. Prior to that he gained extensive experience as an Elasticsearch user, including at RS2 Software, as well as while serving as the security architecture manager for Invinsec. He's also served as a Linux systems administrator at Arvato Financial Solutions, among other roles.

View all News
Loading

Supporters & Partners

OFFICIAL GOVERNMENT CYBERSECURITY PARTNER

Dubai Electronic Security Center Logo

dp

OFFICIAL DISTRIBUTION PARTNER

ISPIRE

OFFICIALLY SUPPORTED BY

Telecommunications Regulatory Authority

Official Smart City Partner

Strategic Sponsors & Partners

Strategic AI Partner

Huawei_gisec

Strategic Sponsor


sap

IOT Partner


Vodafone_iotx

 

Strategic Partner


cb

 

Official Digital Partner

etisalat_gisec

Strategic Partner

Strategic Partner

tahaluf

Platinum & Diamond sponsors

Platinum Sponsor

pp

Platinum Sponsor

BLUVECTOR

Diamond Sponsor

fe

Gold sponsors


cs
 

gold sponsor

know

emailauth


so

HumanFirewall

thales

Silver sponsors

cf

df

Education Partner

isc2

ras

vf

GISEC

west

GISEC

nedaa

oracle_gisec

crest

Industry & Association Partner

Germany Association Partner

TeleTrusT

India Pavilion Partner

Logo

Thank you to Exhibitors

VIEW MORE EXHIBITORS
 

Thank you to our Media Partners