As interesting as Big Data can be for finding patterns in the past, its biggest promise for security lies in being able to predict the future. No, we’re not talking about some sort of Minority Report dystopia where the state peers into your soul. Used correctly, Big Data analysis very often reveals emerging data patterns that can tip off the likelihood of an imminent problem. There is no one-size-fits-all approach to extracting value from Big Security Data, and that’s true for predictive analytics capabilities as well. In this article, we’ll take a somewhat futuristic look at what Big Data will be able to predict in retail applications.
The retail industry is always looking for new tools to reduce shrinkage. Big Data solutions are already making huge advances in correlating Point of Sale (POS) data with video analytics to identify and reduce various forms of employee malfeasance at the cash register. This was probably one of the first applications to emerge because it’s a tightly constrained, data-rich environment that makes analysis relatively straight forward. However, it tackles only one form of retail loss. There are many other problems in retail settings that require more subtle analysis across even larger data sets. Electronics retailers, for example, routinely lock up high-value goods in access-controlled cages to restrict who can handle these items and when.
Biometric readers can increase the certainty of who has accessed the cage, and video cameras can provide visual verification. But in a busy store, let alone an entire chain, that represents mountains of data to sift through and store managers are usually too busy serving customers to sort through all that data in a timely manner. Enter Big Data. It is possible to analyze access to inventory and POS sales data to scan for meaningful correlations in real time. As a baseline, for example, there should be a statistical relationship between the number of times the high value storage is accessed, and the number of high-value sales actually rung up at the register.
A large organization could further normalize this data on a per-store basis by time of day, by specials and sales, and so forth. With that statistical baseline in place, any deviations spotted in real time could be flagged for local or corporate loss prevention review. What’s different since the advent of Big Data is that the software to do this type of analysis has come down in cost by orders of magnitude, and increased in speed by similar leaps and bounds. There are many number of patterns that could indicate likelihood of theft, but they can only be predicted in real time with the type of advanced tools that have come to market since Big Data’s arrival. True, such software could have been written many years ago, but the expense would have created an ROI few companies could justify.
What about Privacy?
We can’t leave the discussion of Big Data in Security without considering its impact on personal privacy. As USA Today’s Howard Rheingold put it: “You can't assume any place you go is private because the means of surveillance is becoming so affordable and so invisible.” And that was well before Big Data, which has further heightened concerns that it will have the perverse effect of further empowering governments and large corporations at the expense of the individual. There is perhaps no better example of this concern than the recent controversy over the extent of NSA surveillance techniques.
By the same token, in the commercial arena, much of the predatory lending and outright fraud that took place during the 2007-08 housing implosion was a direct result of banks and mortgage companies using huge databases to target vulnerable consumers. There are real, potential drawbacks, so does this mean we should not use Big Data in security? No, I do not believe so. But as always, there must be responsible, regulated use of any technology. Writers on this topic have cited the OECD Privacy Principles as a starting point for any data collection policy related to Personally Identifiable Information.
This is a useful framework that lays out standards along eight dimensions:
• Collection Limitation
• Data Quality and Relevance
• Specification of Purpose
• Limitation of Use
• Information Safeguards
• Individual Participation
In some respects, many of these principles are at odds with the practices of the security organization, which by its very nature must often operate covertly. That said, there are at least two important exceptions we should all observe as we build Big Data databases and tools: our customers and our employees. For both of those groups, clear guidelines are essential to the very trust and long-term relationships we are trying to instill as part of security’s core mission. As the 911 Commission Report put it: “We must find ways of reconciling security with liberty, since the success of one helps protect the other.”