"As we’ve seen over the past few years, our cyber adversaries want to steal our data; whether it's credit card information, emails, or intellectual property."
– Jon Oltsik, principal analyst, Enterprise Strategy Group (ESG)
For years, industry analysts advised enterprises to build stronger perimeters and watch for attackers. As a result, companies and government agencies spent billions of dollars each year on hardened networks, intrusion detection/prevention, and anti-malware.
Anyone notice a decline in data breaches?
We’re now seeing a change in the analysts’ tunes: a recognition that the focus should be on directly protecting the assets valued by attackers – the data itself. As former @stake CTO Dan Geer stated recently, “It’s not about keeping the bad guys out, it’s about keeping the valuable data in.”
“(A Zero Trust Approach) fundamentally shifts the focus from the perimeter to the data itself…”
– Forrester Research, The Future of Data Security: A Zero Trust Approach, June 2014
Nobody will endorse eliminating perimeter security. It’s a fact that you are safer if the attackers are outside your network. However, it can’t be the primary defense mechanism. What happens, for example, when attackers steal the credentials of a privileged user? In that case, we must be able to discern the context of data use, not simply who the user purports to be. A data-centric approach provides a defense against the worst-case scenario: a determined attacker with access rights to the most critical data.
“To be effective with data-centric security, you have to create visibility so there is an understanding of how information is being used by employees and contractors. You need to know who is using data and whether the proper safeguards are in place to protect that data. It's hard for an organization to have true visibility without the right tools—things like real-time monitoring capabilities or policy workflow management. You need those tools to understand where data is flowing, what kind of controls are in place, or if there's evidence of misuse or data leakage.”
– Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute
Data-centric security provides continuous awareness of data classification and location, and allows organizations to enforce appropriate use by individuals and systems. It simply makes sense to focus on the data rather than individuals or networks. It’s good to see the analysts agree.