From the Editors: The big hole in Big Data

Big Data hasn’t had the best run of news of late, as hackers and criminals have found holes to rip off the private information of thousands of users.

The most worrying news comes from a series of wire payment thefts, pulled off after hackers distracted the targeted banks with distributed denial-of-service attacks. Millions of dollars were lost thanks to what amounted to a simple ploy, and you can bet that banks around the world already spend a fortune to protect their systems.

It’s not just banks that are vulnerable: Sony’s PlayStation Network was hacked last year, and Riot Games (proprietor of the most-popular MOBA on the market, League of Legends) were also compromised. Both of those companies collect information on millions of users, so companies, large or small, that collect information on their customers can be targeted because that information alone is valuable to hackers.

A large part of the problem is that Big Data technology is usually built on top of a company’s existing legacy system, which alone accounts for old, easily exploitable holes. So even if the Big Data apparatus itself is sound, it may not be as secure as it appears to either customers or proprietors, thanks to what it’s attached to.

In order for companies to maintain faith that the information entrusted to them by users is protected, it is necessary for the industry to come up with stronger standards around securing Big Data, both the software itself and the components that have access to it. Without a more rigid implementation, the information on millions of users (which is gathered whether those users know it or not) is and will remain more vulnerable than anyone would like to consider.

It’s too late to slow down the growth of Big Data in the marketplace. We urge the industry to focus on this issue now, and not to fall into complacency about how secure their systems might be. It’s too late to reverse the damage caused by these recent hacks, but unless something is done now, we fear one day it’ll be too late to reverse the damage caused by more ruthless criminals who won’t be content to steal information on just a few thousand users, or content to simply rob a trio of banks.
#!
Don’t alienate your open-source developers
There was a time when Google was considered the perfect example of an open-source citizen. The company released white papers describing crazy futuristic technologies like Map/Reduce and Spanner. Its open-source tools, like Google Web Toolkit, Dart and the Go language, had gathered communities willing to adopt and adapt these new technologies.

But this past month, Google saw the departure of Android Open Source Project developer Jean-Baptiste Queru and V8 Juice developer Stephan Beal. Both open-source, non-Google employees left via harsh e-mails complaining about Google’s standards for its open-source projects.

Specifically, Beal chastised Google for not documenting the V8 project, and for undoing a lot of his work via buggy patches. In the end, it was as if these two fellows who weren’t being paid by Google were acting as free janitors on their less-than-clean open-source tools.

It’s not a good sign when your on-staff team is outperformed by someone who’s not being paid by your company. And you can bet that Google can afford to pay for the quality that’s needed in such complex projects as V8. The problem, however, isn’t necessarily that Google’s management isn’t willing to pay.

The real problem is that the developers inside of Google working on these projects had lower standards than those working outside of the project. That’s a recipe for failure and disenfranchisement.

But that’s not the only way to alienate your open-source developers. You could always take the route Linus Torvalds favors and not suffer fools gladly. Linus came under fire earlier this year for his caustic remarks on the Linux Kernel mailing list. Strangely, however, his abrasive nature hasn’t often been blamed for people leaving the Linux kernel.

Perhaps that’s because it’s almost not possible to care about the Linux Kernel more than Linus does. Perhaps that passion is infectious. It’s certainly not causing as much controversy as Google’s lack of respect for the work of its open-source contributors.

It’s a behavior one expects from a startup, or from a company like Oracle or Microsoft. Google is supposed to know better. And you are too. Don’t take your open-source contributors for granted, or they’ll pull up stakes and move on.