Security of big data systems in 'critical sectors' should be enhanced by guidance, says EU agency

The European Network and Information Security Agency (ENISA) said that policy makers should provide guidance to organisations operating in critical sectors to help them use big data systems securely.

"The policy makers and all experts involved in publishing guidelines should take a holistic approach towards big data security," ENISA said in a new report. "When the implementation supports systems vital to the wellbeing of the society then the security threat analysis and risk assessment should be done in each component separately follow[ing] a top-down approach."

In a separate report published earlier this year ENISA had warned that businesses using software and systems to collect, analyse and use data were increasingly vulnerable to cyber risks.

In its latest report ENISA said that regulators have a role to play in helping boost the security of big data systems in critical sectors. It called on "competent authorities" to "encourage vendors to offer security authentication mechanisms and protocols in their products".

"More and more devices are becoming part of the cyber-physical world," ENISA said. "These devices require access to data in order to take action. Using devices which [do] not have the capabilities to provide necessary secure authentication mechanisms and protocols, could make the level of security unacceptable. Encouraging vendors and industry to use devices and applications with such capabilities will help make the big data system more secure."

Businesses that provide big data solutions should also "invest in compliance with security standards for their products", ENISA said. It said if big data solutions complied with security standards it could help build user trust. SMEs could consider engaging with certification schemes to help demonstrate their big data products are secure, it said.

ENISA said that standardisation bodies should consider creating new security standards to account for big data, or to adapt existing standards they oversee. Changes in standards should be facilitated through collaboration with businesses that provide big data solutions as well as those who use them and with regulators too, it said.