Data-centric is a hot buzzword in the security world right now. A data-centric security approach highlights the security of the data itself instead of network, server, or application security and includes the following processes:
- Discover: data is self-describing, so the organization knows what data is stored where
- Manage: policies and controls account for business context, so access policies can define whether specific data is accessible, editable, or blocked for specific users or locations
- Protect: information remains protected as it moves in and out of applications and storage systems, defending against data loss and preventing unauthorized users from accessing sensitive data
- Monitor: policies work through all data management layers, so data usage is monitored continuously to identify significant deviations and provide a comprehensive audit capability.
Data-centric, Zero Trust, BeyondCorp, or Perimeterless
Regardless of which buzzword you prefer, a data-centric approach is a requirement today because content is created at the edge, outside the traditional corporate network, and can live its entire life outside that network: it is created in online SaaS applications and stored and shared in cloud storage locations. How do organizations protect data that lives outside the corporate network?
A quick online search finds many zero-trust or data-centric security products that cover a few of the required processes. SIEMs can log activity from multiple sources and report suspicious activity. A CASB can enforce single sign-on to implement access policies. But what about data stored or created in solutions that IT does not sponsor?
One more process dimension answers the open questions above and also removes the human-error element from data protection
Opt-out adds a dimension to the data-centric or Zero Trust concept by declaring that, by default, all data is protected. Users should not have to decide whether content is sensitive; they can't be trusted to make the right decision. Legacy data protection solutions required users to select which files to protect, and user decisions are the leading cause of data breaches.
- Uptime Institute collected incident data for 20 years and found human error is responsible for approximately 70% of all data incidents.
- The #1 breach type was “data emailed to incorrect recipient”
In an opt-out solution, new files and their derivatives are automatically protected and receive the same access control as the original or similar files. Copying a chart from a spreadsheet and pasting it into a presentation automatically applies the spreadsheet's access control to the new presentation. A file accidentally emailed to the wrong person can never be opened, because the recipient is not an authorized user.
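As an added illustration that is not part of the original article or of any product's code, the following Python model shows the opt-out rule in working form: a fresh document is closed to everyone but its creator, a derivative may only be opened by principals authorized on every source it was built from, and every open or email attempt is written to an audit trail. The principal names, file names and audit record layout are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Document:
    """A protected file. The authorized set is all the access check consults."""
    name: str
    authorized: frozenset  # principals allowed to open the document
    sources: tuple = ()    # documents this one was derived from (for audit)

# Constructed in-memory audit trail: (event, document, principal, decision)
AUDIT = []

def new_document(name, creator):
    # Opt-out: a new document is closed to everyone except its creator,
    # without the creator having to decide whether it is sensitive.
    return Document(name, frozenset({creator}))

def derive(name, actor, *sources):
    # Copy/paste or export: the result may only be opened by principals
    # authorized on *every* source, so the most restrictive policy wins.
    if not sources:
        return new_document(name, actor)
    allowed = frozenset.intersection(*(s.authorized for s in sources))
    if actor not in allowed:  # the actor could not have read all sources
        raise PermissionError(f"{actor} is not authorized on every source of {name}")
    return Document(name, allowed, sources)

def can_open(doc, principal):
    decision = principal in doc.authorized
    AUDIT.append(("open", doc.name, principal, "allow" if decision else "deny"))
    return decision

def email(doc, sender, recipient):
    # A mis-addressed email moves the file, but the policy travels with it:
    # the recipient only gets in if already authorized.
    AUDIT.append(("email", doc.name, f"{sender}->{recipient}", "sent"))
    return can_open(doc, recipient)

def demo():
    AUDIT.clear()
    sheet = Document("q3-forecast.xlsx", frozenset({"alice", "bob"}))
    deck = new_document("board-deck.pptx", "alice")    # alice only
    deck = derive(deck.name, "alice", deck, sheet)      # chart pasted in: still alice only
    return {
        "bob_opens_sheet": can_open(sheet, "bob"),
        "bob_opens_deck": can_open(deck, "bob"),
        "wrong_recipient": email(deck, "alice", "carol@example.com"),
        "denials": sum(1 for e in AUDIT if e[3] == "deny"),
    }
```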
Consider an opt-out data-centric security solution.