Data is the most critical asset of your organization. Regardless of the nature of your business, success depends on the organization’s knowledge, best practices, policies, and the well-protected secret recipe – in short, data.
Most of our thoughts on security and governance are based on an archaic notion of infrastructure security. From the 60s and 70s – when data was only stored – to the 90s, data security challenges have become increasingly intricate and complex. For the longest time, organizations have huddled and planned various tactics to protect their information as efficiently as possible.
Most networks are becoming public, and the devices are becoming more personal (such as mobile phones and tablet devices. The only way to protect all data is to focus security initiatives on the data itself.
Current Data Protection Scenario
At present, there are two main approaches to protecting data from reaching unauthorized eyes: Data Protection and Data Privacy. These are essentially the two sides of a coin. Data protection is all about guarding the information against being viewed by unauthorized eyes (who can’t see). At the same time, data privacy allows the right people to access data (who can see).
When it comes to data security solutions, the following solutions are popular:
Perimeter Security: Using solutions such as firewalls and anti-virus and anti-malware products to protect sensitive information from going out and unwanted data from entering the organization.
Network Security: Controlling data flow by filtering it through the network using solutions like DLP.
Endpoint Security: Applying strict policies on the devices and restricting their use only for official purposes using features like anti-virus and firewall.
Application Security: Controlling the use of the applications that go well with the organizational policies and restricting any alternative applications.
Additionally, there is now a new player on the block: Cloud infrastructure. While cloud solutions relieve organizations from their infrastructural conundrums, they also bring a layer of vulnerability from a data protection viewpoint.
Overall, these enterprise data protection solutions effectively protect the data flow within and outside the organization. However, every now and then, minor issues crop up and snowball into massive data breaches resulting in reputational and financial losses for significant big shots of the industry. Also, poor and misconfigured data policies in the cloud infrastructure could become any organization’s Achilles’ heel.
Over the last year, there have been 3950 data breaches impacting some of the reputed companies, and one of the primary reasons behind them was insiders sharing sensitive information. Statistics also prove that about 19% of data breaches occur due to misconfigured cloud security policies.
Zooming in on Data-Centric Security
Every technique of securing data from leakages and malware attacks comes with its own distinct flavor at every level. But every level of security also comes with a loophole or a workaround. The rising popularity of remote working and BYOD culture has created security gaps that are challenging for the data protection solutions mentioned earlier.
Therefore, it has become crucial to zoom in and go granular on our security solutions to counter this requirement. We need to focus on the most granular entity of the entire data security setup, namely data. Let’s consider the following scenarios:
- Companies are collaborating with vendors, which are external entities to them.
- Users are moving information from their protected accounts to personal accounts.
- Users share data with both internal and external users via cloud applications.
In each scenario, the level of security is bypassed, increasing the probability of data misuse. Let’s go data-centric and focus on the minutest entity of the entire security ecosystem.
Suppose the organization can set granular usage controls at the file level without relying on user discretion, no matter where the data flows. An organization may then select for how long the data may be accessible. In that case, it will be easy to protect the piece of information and track where it goes. Data-centric security audits can help in improving compliance. Let’s go back to the scenarios mentioned above, and see how granular usage controls change the game:
- Companies may share the required information with external vendors but control their usage rights. The vendors may not share information further, or they may not access it later.
- Users may find that the organization has restricted the movement of files to external accounts and vice versa.
- Cloud users can track where the information travels even when shared with external users because they have protected their documents.
Data-centric security is an effective solution for countering organizations’ information security challenges. At the end of the day, it’s all about securing one’s data. Infrastructure security doesn’t count much.