What is DCAP (Data-Centric Audit and Protection)? A Definition of DCAP, How It Works, Best Practices, and More
Enterprises are taking advantage of big data analytics to advance their businesses. With big data arriving, there is also more opportunity for cybercriminals. That’s why companies are increasingly securing their business and customer data with data-centric audit and protection (DCAP).
A Definition of Data-Centric Audit and Production
Data-centric audit and protection (DCAP) is a term used by Gartner, a business research and consulting company, to describe a type of data-centric security. The goal of DCAP is to protect an organization’s data privacy and apply it to specific pieces of data, not the entire organization.
DCAP focuses on:
- Classifying data
- Storing sensitive data
- Data security governance
- Protecting data against unauthorized access
- Data monitoring and auditing
How Data-Centric Audit and Protection Works
Data-centric audit and protection is about protecting the data, not about preventing unauthorized users from hacking into systems. This layer of protection relies on several steps to secure data:
Classifying data
In order to protect sensitive data, business organizations need to know where the information is located and how much can be accessed. The first step is to classify data as it is created. There is content discovery technology that will classify data found in the organization’s assets. The sensitive data needs to be classified so it can be protected. For example, access rights to the data are assigned based upon common schema and policies.
Storing sensitive data
Digital rights management tools help protect sensitive data with access controls and encryption.
Identity and access management (IAM) keeps sensitive data available to only authorized users.
Persistent encryption will remain with data in storage and as it is being shared is the most secure method. Just as important as encrypting data in storage and in transmission is making sure authorized users have the proper encryption keys. This should go hand-in- hand with access controls.
Data security governance
Data governance policies will define what is sensitive data, who has authorized access to it, and how they can handle it. Data governance needs to protect data and allow users to work with it.
Protecting data against unauthorized access
Data-centric audit and protection is to keep data secure while it is being used. To ensure that security, monitoring technology can be used to help protect it. This entails using activity monitoring, access management, logical control and application security technologies.
Data monitoring and auditing
Data security is a primary goal of DCAP. It is possible to create such secure processes that it hinders the ability to actually utilize business data. Data-centric security needs to be balanced with productivity. Otherwise, organizations risk losing the benefits of leveraging big data, or users will bring the data outside of the secure environment — putting the data at risk.
Business data is more valuable when it is shared — inside and outside of the business organization. This also means the data can end up outside of an organization’s control.
Encryption can also help protect sensitive data from unauthorized access outside of
organizational control.
Best Practices of Data-Centric Audit and Protection
Data-centric security is a holistic strategy. It doesn’t discriminate against device, storage technology or platform. Ensure complete data-centric audit and protection with best practices such as:
Secure infrastructure
Reporting and auditing
Encryption key management
Data discovery
Search and destroy
Content discovery technology can help discover data hiding where it should be. Business organizations need to find it before unauthorized users do.
Data-centric audit and protection is vital for modern enterprises that leverage big data to support business processes. By finding the right balance between adequately protecting your organization’s data and supporting the use of data within the organization, you’ll create a more robust security posture without hindering productivity or sacrificing the benefits of big data.