A chief information security officer (CISO) at an organization with 50,000 employees is asked, “How many employees do you have helping you secure big data?”
“50,000,” he answers.
It is a response that usually surprises those outside of the IT and information security industry. In order to successfully secure big data, a CISO needs the help of every single member of the organization, from the network engineer to the chief learning officer and staff instructors.
L&D organizations everywhere understand the positive impact big data has on their programs. Smart, innovative training organizations analyze student performance, track course participation rates, evaluate how users interact with their products and online manuals, sell subscription-based learning, and target clients for specific courses based on big data. But how many L&D organizations are considering the security implications of all this big data?
The truth is that big data can result in big data breaches if security is not top of mind for everyone in an organization. Data breaches are costly in terms of fines, lost revenue and loss of customer trust. Quite simply, the task of protecting big data is too big for the CISO to handle alone.
Here are five things that L&D organizations can do to help the CISO secure big data:
- Make security your first thought, not an afterthought: Too often, programs such as virtual labs or online learning environments are created without the security team’s input. In many organizations, a cursory security check is done just before “go live” or not at all. By inviting the security team to take part in product and program development, organizations can better ensure that the big data collected in virtual classrooms is secure.
- Rate your data: Security professionals use data classification systems to determine which information to restrict with tighter security controls. Social security IDs and credit card data are obvious examples of big data that would be highly classified, but other data may have more value to the L&D team than the CISO might realize. For example, training manuals and online course instructions are highly valuable content that the organization would not want lost or stolen and should therefore be protected with specific content security controls.
- Know and follow the company’s big data security policy: Chances are good that the CISO has already created a policy on securing big data. It’s vital that the L&D department understand the policy and follow it in practice.
- Recognize privacy laws: Most governments have specific laws in place governing what type of data can be captured and stored by organizations. Before implementing an online registration or learning portal, L&D executives should understand which data can be captured and how it can be used. These laws vary by country, and global training organizations should recognize that European privacy laws are stricter than U.S. regulations.
- Smart devices need smart security: As reported in TechCrunch, there will be 6.1 billion smartphone users globally by 2020. Because of BYOD policies, these devices are often less secure than company-owned computers. L&D organizations should expect that these devices can be compromised and place a premium on protecting data that can be accessed from smartphones.
Big data is changing the way learning teams create and deliver training programs to their customers and students, but appropriate security controls are required to ensure the big data that is collected is safe.