[BreachExchange] Key Factors for Data-Centric Data Protection

Audrey McNeil audrey at riskbasedsecurity.com
Fri Mar 8 10:25:50 EST 2019


A data-centric approach to data security is based on the information that
needs protection instead of the network, application or device. Traditional
network, device or application-based solutions only protected information
during the data’s life cycle.

Data protection solutions is a firewall, data loss prevention (DLP),
endpoint DLP, file encryption, information rights management IRM, have all
tried to solve the data protection needs of organizations of all sizes.

We have seen that legacy data protection solutions have not done enough to
protect data breaches. The problem of the organization has been there all
this while. Organizations now need to move to new data-centric data loss
prevention solutions.

The world has seen a maximum number of data breaches in the year 2017. The
United States stands at 1,579, and the figure indicates a 44% increase from
the past. More than 6-million records are stolen or lost every day.

Additionally, legacy is so cumbersome that it only protects a subset of
data. The fact organizations just wanted to apply protection to the
smallest amount of data possible. With data-centric solutions,
classification is not required, and all data can be protected by default,
eliminating the need for doing things manually.

The 4-key things to have for data-centric data protection solution:

1. Transparent to authorized users

The best security solutions are invisible to users. Solutions need to work
with any file type and any application without having to change file names
or extension. Authorized users should not have to change their daily
workflow, and only unauthorized users should notice security solutions are
in place.

2. Proper authentication automatically

Access control should automatically follow information since the access
control to each should be derived from the information that is contained
within the file. It is like you make a graph in excel and then paste it
into PowerPoint, the PowerPoint file gets all the access control
permissions from the original spreadsheet file. As simple as that.

3. Data-centric should have granular permissions

Besides providing access-control permissions the solutions should enforce
which applications should access data. It prevents data leakage from
malicious or out-of-date applications.

4. Data-centric solutions should support all devices

This means the solution should take care of the storage locations and
operating systems within an organization. We have seen how too many
solutions are meant for devices or Windows only protection. So now when
things like BYOD are in practice the solution should support Mac, Linux,
iOS and Android, as well for the stored data in the cloud.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20190308/021769d5/attachment.html>

More information about the BreachExchange mailing list