Data-centric security is an approach to security that emphasizes the security of the data itself rather than the security of networks, servers, or applications. Data-centric security also allows organizations to overcome the disconnect between IT security technology and the objectives of business strategy by relating security services directly to the data they implicitly protect, a relationship that is often obscured by the presentation of security as an end in itself.
DATA-CENTRIC SECURITY IN ACTION
The defining characteristic of data-centric security is that protection is applied to data itself, independent of the data’s location. To be effective, this must happen automatically—sensitive information should be identified as soon as it enters an organization’s IT ecosystem and should be secured with policy-based protection that lasts throughout the data lifecycle. A typical implementation of data-centric security consists of software agents installed on every IT asset where sensitive data might be created or stored—laptops, desktops, servers, mainframes, mobile devices, and elsewhere. These agents are controlled by a centralized management console, where administrators define the appropriate form of protection for each data type and use case. Each time a file is created or modified, the system scans the file to determine whether it contains sensitive information and automatically applies the appropriate protection. End-users may be given the ability to modify these actions manually, but are otherwise not involved in the process. Protected data remains available to authorized users, but cannot be accessed by unauthorized users, even when files travel outside the company network. When implemented on an organization-wide scale, data-centric security reduces or eliminates the impact when network and device protections inevitably fail, while at the same time removing data silos and other internal obstacles.
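The scan-and-protect step described above, as an added example (not code from the original page or from any vendor's product): a content classifier that maps detected data types to a centrally defined protection action. The data-type names, patterns, priorities and actions are assumptions constructed for illustration.

```python
import re

# Constructed central policy: data type -> (priority, protection action).
# Type names, priorities and actions are assumptions, not from the page.
POLICY = {
    "payment_card": (3, "encrypt"),
    "us_ssn": (2, "encrypt"),
    "email_address": (1, "label_internal"),
}

# Constructed detection patterns, one per data type in POLICY.
PATTERNS = {
    "payment_card": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email_address": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; discards digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> set:
    """Return the set of sensitive data types found in the file content."""
    found = set()
    for dtype, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            if dtype == "payment_card":
                digits = re.sub(r"\D", "", m.group())
                if not (13 <= len(digits) <= 19 and luhn_ok(digits)):
                    continue  # pattern hit, but checksum fails: not a card
            found.add(dtype)
            break  # one confirmed hit per type is enough
    return found

def decide(text: str) -> str:
    """Called on file create/modify: strictest action for what was found."""
    types = classify(text)
    if not types:
        return "none"
    return max(POLICY[t] for t in types)[1]
```

The checksum step matters in practice: pattern-only detection flags order numbers and other long digit runs, and every false positive becomes a file that is protected for no reason.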
KEY PRINCIPLES OF DATA-CENTRIC SECURITY
Each organization requires a unique solution—one tailored to fit the company’s threat exposure and business needs. However, all successful implementations of data-centric security have certain characteristics in common: they’re tightly controlled from a centralized management system, they provide coverage across the entire organization without security gaps, they rely on automation rather than manual intervention, and they’re adaptable enough to grow and change along with the organization. Every data-centric security solution must be designed with these key principles in mind, or the finished product will fall short of its goals. Credo’s data-centric security approach helps organizations achieve their goals.