Big Data in Security vs. Privacy

  • TYPE: Combined Session
  • DATE: Wednesday, May 14, 2014
  • TIME: 12:00-13:00
  • LOCATION: ALPSEE


With the evolution of new technologies and approaches to security, such as the application of big data tools to analyze network traffic in depth and in real time, security professionals can have a high level of visibility into any type of information. These systems do not distinguish between personal and "non-personal" information - they are just trained to detect suspicious patterns and can do so only if all packets are inspected. But what does the law say? Do enterprises have a right to process personal data in order to defend themselves against cyber attacks? KuppingerCole's Senior Analyst and privacy expert Dr. Karsten Kinast, LL.M. will give an overview of current and future legislation and will answer this question. There is an additional workshop offered for this topic.


Dr. Karsten Kinast, LL.M., Attorney at Law (Germany), is founding Partner of the Law Firm “Kinast & Partner” with an exclusive focus on Data Protection Law and IT-Law. He holds a Master of Laws Degree in European Legal Informatics and serves as external Data Protection...

The news is rife with the conflict between deep security monitoring and personal privacy. The rapid rise of advanced IT security threats from hacktivists, cybercriminals, and nation states, and the fast evolution of security technologies designed to defend against them, parallels the rise of sophisticated global terrorists. Security professionals now often find themselves pushing the boundary of what is socially acceptable and even legal while trying to keep up their organization’s defenses.

With the evolution of security technologies such as network packet capture and big data security analytics, security professionals can have an unprecedented level of visibility into what is happening in their enterprise. But can security professionals use these monitoring-oriented technologies without violating both laws and the monitored persons’ sense of reasonableness?

Given the insidious nature of many advanced threats and their associated malware, which have been known to hide amongst normal application traffic, detection often requires sophisticated anomaly detection built on the collection and analysis of very large data sets, which often include personal information and communications (email, IM, FTP). Even if the collection of this personal information is not the primary purpose of the security system, doing so can sometimes be illegal and often raises objections from individuals, workers' councils/unions, and data privacy officers.

After providing the background on today’s threats and why monitoring and big-data analytic defensive techniques are required to defend against today’s most difficult threats, the presenters/panelists will provide some specific deployment examples that highlight the challenges from both a legal and a cultural perspective. They will go on to discuss how organizations in privacy-sensitive regions can use advanced types of security monitoring technologies, and will review both technical and non-technical controls that can help balance the organization's need for risk reduction against the privacy expectations of users and the requirements of the law. They will also discuss the closely related issue of working with employees and data privacy officers to help smooth the deployment of security monitoring systems.


Scott David, J.D., LL.M., is the Director of Policy at the Center for Information Assurance and Cybersecurity at University of Washington and was formerly the Executive Director of the Law, Technology and Arts Group at UW School of Law. Scott is an active member of the World Economic Forum's...

With an MBA and Law education, Ramsés is a 20+ year security professional with deep expertise in the Risk Management and Governance areas. Ramsés is Strategist & Evangelist for Dell Security and holds the following professional accreditations: CISM, CGEIT, CISSP, SCPM, CCSK,...

Matthew Gardiner is a senior manager at RSA Security and is currently focused on the evolution of security management & compliance in general and SIEM solutions in particular. For the past 10+ years Matthew has focused on identity & access management, Web access management, identity...

European Identity & Cloud Conference 2014

  • May 13 - 16, 2014 Munich, Germany