In my last post on the DLP side of information-centric security, Adrian rightfully dropped a comment criticizing my narrow view. Since this is something he’s been talking about himself, I feel I owe a little clarification. I only meant that post to reflect how a portion of information-centric security technology will evolve; the truth is it’s much broader than that.

For information-centric security to become a reality, in the long term it needs to follow the following principles:

  1. Information (data) must be self describing and defending.
  2. Policies and controls must account for business context.
  3. Information must be protected as it moves from structured to unstructured, in and out of applications, and changing business context.
  4. Policies must work consistently through the different defensive layers and technologies we implement.

I’m not convinced this is a complete list, but I’m trying to keep to my new philosophy of shorter and simpler. A key point that might not be obvious is that while we have self-defending data solutions, like DRM and label security, for success they must grow to account for business context. That’s when static data becomes usable information.


p style=”text-align:right;font-size:10px;”>Technorati Tags: