Data-Centric Security: What is it and Why Does it Matter?
Divyanshu Rai
Senior Talent Acquisition Specialist | Automation, specializing in AI Sourcing, Candidate Engagement, & Data-Driven Hiring | Innovating Candidate Engagement using AI-Powered Talent Acquisition
What is Data-Centric?Security??
Data-centric security is all the technology, approaches,?and policies that encompass?being?laser-focused?on protecting?actual data?entrusted to organizations,?throughout?that data’s?lifecycle,?versus focusing primarily on infrastructure risks.?
A?data-centric #security framework?is?comprised?of layers of solutions designed to understand, govern, and secure sensitive data – whether on-premises or in the #cloud.?This model approaches data security beyond the traditional, infrastructure-focused data security measures most organizations already take.?
No matter the industry, a data #security breach is an increasingly likely scenario that all businesses must mitigate.?With escalating #cybercrime,?growth in?#cloud computing,?an?explosion in mobile device?usage,?and varying technology?and applications,?an #infrastructure-only approach could potentially allow access to all data once compromised versus?a data-centric approach, which focuses on protecting the data?regardless?of the #breach.??
Data Security Budgets are Increasing?
A 2021 Standard & Poor’s survey revealed that 58 percent of respondents planned to increase data security spending, with 16 percent planning a significant bump. Triggering this spending spree: remote work and the risk of errors; the need for?secure, efficient collaboration, increased compliance requirements, and more sharing of information.?
In fact,?Gartner has forecasted?that security and risk management spending worldwide will grow 12.4% to reach $150.4?billion in 2021.?Even with that investment, the number of data breaches is increasing.?The pervasiveness of data and complexity of environments?continue to increase?and?growing?vulnerability around sensitive data is here to stay.?Organizations?need to consider if?merely continuing to?beef up?their?core?defenses—the systems, applications,?devices,?and networks that enclose data—is enough.?
With more apps, data, networks, and logins than ever before, sensitive data may be at risk out of sight and beyond the reach of security teams. Gaps in security policy and process and a policy of?“building walls”?with strong perimeter-based security, authentication, encryption,?and more will sometimes fail.??
Four Key Gaps?in?Information?Architecture?
There are four key gaps?in a data security architecture that?revolve?around employee and external partner?behaviors and?can only be remedied with a data-centric?security?strategy and culture. These pain points can pose serious risks in terms of?maintaining?compliance?and can also result in a need to continually play catch-up and remediate.?
The Behavior Gap
Usability poses a major challenge to organizations large and small. People simply want to find the fastest, most convenient way of doing something. In fact,?human error is still the number?one?cause of data breaches in 2021.?Adding sensitive data to a USB, copying unsecured documents,?and?bypassing?secure?#FTP?#servers are just a few of the ways employees and partners?fail to?adopt the security processes in place.?
The Visibility Gap
Sensitive data travels.?The average employee?sends?and receives?tens of thousands of emails?annually, and?many receive files?not meant for their eyes.?Knowing who accesses data once?it’s?shared beyond a business’s devices, networks, and applications and how it is used lies outside #monitoring, #auditing, and tracking technologies.?
Where files and data are shared outside your organization, the nature of the information within them cannot be tracked or audited once it leaves your server?without?additional?data-centric-focused technologies in place.?
The Control Gap
Lost files or leaked information can go beyond an organization’s control.?However,?Identity and?Access?Management (#IAM),?Mobile?Device?Management (#MDM), and?Data Loss Prevention (#DLP)?systems, all?can be layered effectively to?help to?monitor?and control employee access to data. But data that leave?systems and networks?are?effectively?still?out of your control.??
领英推荐
Once leaked or lost, serious and costly consequences can occur, particularly around compliance violations.??
The Response Time Gap
There is a time lag between?the uptake?of a new?application or behavior and the ability of?users?to understand and respond.?It's?this gap that often has?security teams in?a?reactionary mode and?this gap?can take weeks or months to?identify,?the time when sensitive information can be #vulnerable.??
Technology changes quickly and?many organizations?with a #BYOD (bring your own device)?policy and?changing?expectations of how to work?also?impacts?the gap in response time. In the rush to get business done, security is often left to play catch-up and security breaches may be the unintended consequence.??
Security needs to?operate?at the speed of business, with the flexibility to adapt to the unknown.?An organization’s response?time?gap may be measured in days, weeks, months, or quarters. The longer it is, the greater the #risk of people taking measures into their own hands, or of sensitive data going untracked into new applications.??
Closing the Data Security Gap with Data-Centric Security Strategies?
Collaboration, innovation, partnerships, and business development are the behaviors that drive business?growth,?and all are dependent on trusted exchanges of vital information.??
When these new unforeseen breaches take place,?organizations?must respond by evolving from?traditional,?infrastructure-centric security measures with multiple layers of defense, to data-centric approaches that protect what really matters: the data itself.?
#DLP?solutions,?data #encryption?solutions,?and?Digital Rights Management (#DRM)?are great?tools?to incorporate if they?are able to?accurately understand the value, sensitivity, and context of the data they are trying to protect. They can be?very effective?on their own, in some circumstances, but often can?benefit?from integrating as a more rounded solution and augmented with data classification technology.??
Businesses need to be able to guarantee file-level security—to secure, track,?and share any kind of data, no matter where?it’s?stored or?located,?or how it?travels?with robust policy enforcement, strong encryption, and strict access controls. Data-centric security solutions also enable employees to collaborate freely while ensuring?a high level?of #security and?visibility and?be able to?revoke access to sensitive data that has been shared by email mistakenly. Further, by adding a cloud-based tether, access to data can be managed with access rights, and the data decrypted if the person is approved.??
Data, as we well know,?is the lifeblood of business?today,?and?when?it’s?locked down?too tightly?as some solutions do, business slows down.?When organizations?adopt a data-centric security solution that secures sensitive data through its entire life cycle; everywhere it travels, no matter who has it or where?it’s?stored, the business can be carried on securely. By adding?in?this?additional?layer of?data-centric?security, data is protected in motion, in use, or at rest?both?inside?and?outside the organization.?
Layer?Data-Centric Security?Solutions?for Ultimate Data Security?
To make?a?data security investment pay off,?it’s?important?that organizations?first know what data needs protection?and?also?its value.?Data classification?technology is the foundation of data-centric security. With data classification?in place?to?identify?and value data in place?as a best practice, organizations can accelerate further data?protection adoption?measures?and help reduce user error, as the questions surrounding how to handle?particular data?are automatically addressed.?
Once classified,?controlling,?and securing data requires protections beyond?those necessary?infrastructure barriers,?#Data loss protection (#DLP)?and?email security?solutions?actually surround?data increasingly vulnerable to phishing and spoofing threats, ransomware, and #spyware, and inappropriate sharing. Unlike some all-out “blocks” which bring business to a screeching halt, robust #DLP and email security solutions protect sensitive data through #encryption and automated processes while allowing legitimate communications to continue.??solutions?actually surround?data increasingly #vulnerable to phishing and spoofing threats, ransomware and spyware, and inappropriate sharing. Unlike some all-out “blocks” which bring business to a screeching halt, robust #DLP and email security solutions protect sensitive data through encryption and automated processes while allowing legitimate communications to continue.??
Managed file transfer (MFT)?solutions to secure these identified and sanitized files in motion and at rest. Centralized, enterprise-level technology can simplify, integrate, and move data anywhere securely, swiftly, and across all environments and applications with critical?encryption?and automation functionality.?Combined with content analysis and adaptive #DLP, sharing files with?MFT?allows for more secure, streamlined?collaboration and exchanges.?
No matter where files travel, data-centric?digital rights management software?#encrypts and controls access to #sensitivedata to ensure protection is placed around access, use, and intellectual property inside and outside the organization. The foundational data classification applied at the onset automatically triggers data-centric policy enforcement all the way through to the ultimate deletion of data.