Saltar a la navegación Saltar al contenido principal Ir al pie de página

Case Study: Reviewing the Risks of Big Data Environments

08 marzo 2023

By NCC Group

Situation

NCC Group reviewed the big data environments for a financial services organization to better understand its security implications, including whether sensitive data could be accessed and whether the infrastructure could be compromised.

This review allowed the client to better understand its security posture and helped the client work with its software vendor to mitigate any potential issues.

At a Glance

Organization: Multi-National Financial Services Organization

Industry: Financial Services

Challenge: Providing assurance that big data environments were fully secure

Solution: NCC Group conducted research and fully reviewed the big data environments to understand potential risks

Result: NCC Group provided recommendations and advice to resolve any issues quickly and efficiently

Challenge

The organization had several big data environments and technologies in place and had concerns about the risks that this diverse software and infrastructure environment had to the confidentiality, integrity, and availability of sensitive data. Managing this complex environment was challenging.

Therefore, the client sought assurances that the risks and vulnerabilities within the environments were both understood and, importantly, mitigated. The client had good levels of operational support for the big data environments and technologies but needed support in specialist cyber security expertise. This is where NCC Group provided expert advice and recommendations to the client.

The technology in use by the organization was updated regularly. As part of these update cycles, new components and features were released by the software vendors. The client wanted a comprehensive understanding of the risks to them from one software release bundle to the next.

Solution

NCC Group conducted research on behalf of the financial services organization into specific technologies in use and how the security implications of these products could impact the client’s environment. We then conducted bespoke penetration testing and security consultancy on the technologies as deployed.

Through careful attack planning, NCC Group was able to review:

  • Access to sensitive data from an unauthorized perspective
  • Access to and control of encryption keys from an unauthorized perspective
  • Whether compromise of infrastructure within the big data environment cluster would enable further access into the wider client’s network from an unauthorized perspective

Our consultants provided the client with a review of the changes between each software release cycle and what risks were introduced. In addition, NCC Group provided remediation advice and worked in collaboration with the client to feed security observations and improvements through the client to the software vendor, resolving issues at source or passing them on to the open-source community.

Result

Through collaboration and delivery of our cyber security expertise, NCC Group was able to provide the client with a view of the current security posture of their big data environment.

NCC Group also provided recommendations on mitigating controls required to improve the security maturity of their critical data environment between the different release cycles and versions implemented. Finally, NCC Group’s mature vulnerability disclosure process was used to help the client work with the software vendor and the open-source community to resolve any issues found within the software rapidly.

NCC Group

NCC Group

NCC Group exists to make the world safer and more secure.

As global experts in cyber security and risk mitigation, NCC Group is trusted by over 14,000 customers worldwide to protect their most critical assets from the ever-changing threat landscape.

Get Started on Your Cyber Security Journey 

Our experts are ready to help you stay ahead in a constantly changing threat landscape. Contact us today to learn more about what NCC Group can do for your organization's unique cybersecurity needs.