Trends in Data Centric Security White PaperBy Adrian Lane
It’s all about the data. You want to make data useful by making it available to users and applications which can leverage it into actionable information. You share data between applications, partners, and analytics systems to derive the greatest business intelligence value possible. But what do you do when you cannot guarantee the security of those systems? How can you protect information regardless of where it moves? One approach is called Data Centric Security, and it is designed to protect data instead of infrastructure. Here is an except from our paper:
This is what Data Centric Security (DCS) does: focus security controls on data rather than servers or supporting infrastructure. This approach secures data wherever it moves. The challenge is to implement security controls that do not render it inert. Put another way, you want to derive value from data without leaving it exposed. Sure, we could encrypt everything, but you generally cannot analyze encrypted data. Nor can you expect to securely distribute key management and decryption capabilities everywhere data moves. But you can enable data to be protected everywhere without exposing sensitive information.
This research delves into what Data Centric Security is, the challenges it addresses, and the technologies used to support customer use cases. We hope you find this research useful, and see DCS as an alternative to traditional infrastructure security.
We would like to thank Intel Services for licensing this research and supporting our Securosis Totally Transparent Research process. Download Trends In Data Centric Security (PDF).