In my last post on the DLP side of information-centric security, Adrian rightfully dropped a comment criticizing my narrow view. Since this is something he’s been talking about himself, I feel I owe a little clarification. I only meant that post to reflect how a portion of information-centric security technology will evolve; the truth is it’s much broader than that.
For information-centric security to become a reality, in the long term it needs to follow the following principles:
- Information (data) must be self describing and defending.
- Policies and controls must account for business context.
- Information must be protected as it moves from structured to unstructured, in and out of applications, and changing business context.
- Policies must work consistently through the different defensive layers and technologies we implement.
I’m not convinced this is a complete list, but I’m trying to keep to my new philosophy of shorter and simpler. A key point that might not be obvious is that while we have self-defending data solutions, like DRM and label security, for success they must grow to account for business context. That’s when static data becomes usable information.
p style=”text-align:right;font-size:10px;”>Technorati Tags: Information-centric security