Blog

Highlights from Fireside Chat with Forrester Analyst, Heidi Shey

If you missed our fireside chat with Heidi Shey, Security and Risk management Analyst at Forrester, on Data-Centric Security and Why It’s a Prerequisite for Zero Trust at our Security Now 2020, here’s a quick snapshot of a few highlights.

Why is data-centric security part of a zero-trust architecture?

Data-centric security is a key pillar for zero trust. Zero trust is not about the least privileged, or network segmentation, but rather comprised of many types of pillars of control. However, data-centric security is the most complex. When you’re using being data-centric in your approach, the key is knowing what you’re trying to protect.

Data discovery and data classification efforts are important, but many organizations get stuck because they focus on the act of discovering and classifying. It’s what you do after you understand your data, after you know what to protect. Discovery and classification may also help you get more clarity around other types of data that you didn’t think too deeply about before. But it doesn’t mean you have to discovery and classify all data before applying controls. You can do both things at the same time – you can walk and chew gum at the same time.

It’s also good to understand what your data’s useful lifecycle is and what data protection obligations are required, whether it’s privacy regulations or business partner requirements.

Are organizations trending towards a one-size fits all approach for data-centric security solutions or a best-of-breed approach?

It’s relatively split. Some vendors what as few vendors as possible, maybe down to a single vendor, whereas others are all about best breed innovation. They want the shiny things. It also depends on who is making the buying decision. If it’s someone in a strategic role like a CIO or CSO, they may consolidate to one vendor for ease of management and purchasing. But others who are more hands on with tools, your security practitioners, are more likely to consider best-of-breed. These tools may have capabilities and functionality that they’re not seeing elsewhere.

Watch the entire fireside chat or read Part 1 in print. (Note: available until March 7, 2021)

Related Posts