As millions of young, urban Indians joined hands a couple of months back to send out their views to the telecom regulatory authority of India (TRAI) on net neutrality, they were taken aback feeling awkward, the authority accidently released the list of more than 1 million email IDs of people who had responded to its request for suggestion on net neutrality. There were plenty of explanations being provided by the authorities but it made the insensitivity about handling big data very clear. While sitting on petabytes of data, organizations all over the world have not been able to acquire the appropriate skills and resources to handle this asset with safety. In other words, zeroing in on an information security analyst who has data discovery experience to take on the potential data intrusion threats is like wishing for the moon. No wonder man almost does not exist.

Before we dive deep into data security challenges, let us understand what it stands for. With rapid growth in businesses driven by information, organizations now are faced withhigh-volume, high-momentum, and diverse information assets. These assets are leveraged by the organizations to generate cost-effective, unique, and useful information for enhanced insight and decision making. A simple example of this is Facebook. Its 1.44 billion monthly active users (As of March 2015) make arguably world's largest database of personal information. Various brands seek Facebook's services to target their potential customers on social media.Moreover, an estimate by Reuters suggest that the quantum of digital data in the world will grow at an exponential rate of 35% CAGR for the next 5 years to touch approximately 35 zettabytes in 2020 from its current levels of 8 zettabytes. Mobile technologies, social media and ever evolving internet business models have fuelled this evolution so far and Internet of Things (IoT) promises to take this to unimaginable levels. Such a quantity of data comes with its inherent risks.

Consider this- In 2013 during the holiday shopping season, Target Corporation accepted that a virtual attack on its data centre had let out the details of at least 40 million credit cards. The company suggested that this may have further results in threats like misuse of personal information, i.e., email addresses and telephone numbers of about 110 million subscribers of credit cards. Such incidents are not merely limited to financial information but are prevalent across industries such as healthcare, hospitality, public services, and retail et al to name a few. This means that the businesses willing to leverage the data heaps owned by them will have to up the ante against the cyber burglars whoare equally sophisticated and able to exploit the smallest gap in the security system of the data centres. The CIOs, which were once seen as go to men for system installation, and making recommendations on IT infrastructure, have to become information security watchdogs.

Herecomes another challenge- the skill gap. Conventional CIOs may take time to evolve before they can shoulder the responsibility of a system security analysts and the new breed hasn't really been sown. According to McKinsey's report, "Big data: the next frontier for innovation, competition and productivity", there are numerous security risks that need to be addressed by the companies and policy makers before they may fully utilize the potential of big data. Only in the U.S., there is a shortfall of about 140,000 to 190,000 people who can understand the potential system security threats, can deal with big data, and have managerial experience with security analytics. To extrapolate this data for the rest of the world, by 2020, we may require close to 5 million information security analytics professionals-A number which looks remote considering the present state. The concoction of data science, machine learning, statistics savvy, multi-level modelling expert, multi-lingual programming freak, and a sensible social scientist cum psychologist is rare, if not impossible. Even if we get all these skills, does that golden angel understand the business which is hiring him?
So, what skills these data security analysts have and how do they help the organizations?

1. Security Domain Expertise: For keeping sensitive, big data safe and effective, it is important to marry the understanding about data with security domain expertise. With the fact that data security threat can come from virtually anywhere, data security experts need not merely look for the technical knowledge but also the IT laws, various industry trends, modes of attack, and psychology of the intruder who has tackled the data . Unlike, the intensely focussed information experts of 90s, today's data security experts need to touch upon a broad range of social sciences, legal, and technical acumen.