So what really is “data-centric” security all about?

We hear many vendors and companies starting to talk about it.  But is all “data-centric” security the same?  Nope!  Frankly it mean different things to different companies.

data-centric securityData-centric security is an approach to security that emphasizes the security of the data itself rather than the security of networks, servers, or applications.  True data-centric security also helps reduce risk by protecting the “data”, versus the device endpoints.

To really be secure – companies need to become more data-centric in their attitude towards overall cybersecurity.  Knowing where sensitive and high-value data comes from and is stored is key.  Knowing what other end-points have and need access to that information is also key.  Therefore “protecting the data” with a Format-Preserving Encryption (FPE) method helps to ensure that data can be leveraged and used by applications – with little to no change, but renders it useless if breached, stolen, or high-jacked.

The real reason that data-centric security is becoming popular is because it provides a way to extend the security perimeter to where it needs to be. Sensitive data is extremely difficult to keep control of. It’s carried outside the security perimeter on a routine basis by people who need to use it. Laptops are routinely lost or stolen. CDs containing sensitive data are lost in the mail. USB drives are also. So keeping sensitive data inside a protected perimeter is virtually impossible. People need access to sensitive data to do their jobs, and not letting it leave a protected network isn’t practical.

Moving to the cloud is also changing the need for data-centric security.  One of the best ways to leverage the cost and efficiency benefits of the cloud and virtualization while keeping sensitive information secure, is to protect the data using a security solution that delivers data-centric, file-level encryption that is portable across all computing platforms and operating systems and works within a private, public or hybrid cloud computing environment.

Bottom-line … the big problem with protecting sensitive data isn’t that hackers get in, it’s that unprotected data gets out, and data-centric security has the potential to eliminate the problems that unprotected data getting out can cause.  Without data-centric protection that secures your sensitive information throughout its entire lifecycle, you’re at risk.

Organization paying attention are reaping huge security and information-sharing rewards, resulting in greater collaboration and confidence.  Whether a company or agency is providing information to the public, collecting data from the public or sharing information with other departments or agencies, data-centric security gives companies the opportunity to know their data is protected and is being leveraged successfully and securely.

The post So what really is “data-centric” security all about? appeared first on Voltage.

This is a Security Bloggers Network syndicated blog post authored by Sheryl Wharff. Read the original post at: Voltage