Data security remains elusive. You can think of it as something of a holy grail. We’ve been espousing the idea of data-centric security for years, focusing on protecting the data, so you can worry less about securing devices, networks, and associated infrastructure. As with most big ideas, it seemed like a good idea at the time.

In practice, data-centric security has been underwhelming — it gradually became clear that having security policy and protection travel along with the data, as it spreads to every SaaS service you know about (and a bunch you don’t), was just too much to count on.

What we’ve been doing hasn’t worked. Not at scale anyway. We need to take a step back and stop trying to solve yesterday’s problem. Protecting data by encrypting it, masking it, tokenizing it, or wrapping a heavy usage policy around it wasn’t the answer, for various reasons.

In this Data Security in the SaaS Age paper, we rethink both the expectations and potential solutions to protect the data stored in SaaS applications.

Our research is licensed by companies that put a premium on educating their communities on important shifts in technology, and how security must evolve accordingly. We’re pleased that AppOmni licensed this report. Our research is done using our Totally Transparent research methodology. This allows us to do impactful research while protecting our integrity.

You can download the paper (PDF).