At the recent RSA Security Conference in San Francisco, data-centric security and protection received a lot of attention. Several trends account for this. The main one, of course, is the large number of high-profile data breaches and other cyber attacks continually making the news — a trend that shows no sign of subsiding. In addition to this constantly lurking threat, we can add growing compliance and regulatory requirements as well as the advent of new (difficult to protect) technologies, applications, and architectures. Throw in all the revelations about hacking by various government intelligence services, and it’s easy to see why organizations and security solutions providers have made data-centric security and protection a top priority.
The data-centric security model focuses on protecting an organization’s sensitive data as opposed to protecting the overall computer networks and applications — as is the case with more traditional security models that function primarily by implementing a security perimeter designed to keep bad actors out. That said, data-centric security is intended to support an organization’s overall data loss prevention strategy in conjunction with network, anti-virus, and other enterprise security incident and event management systems.
In practice, data-centric security solutions are designed to work with existing networks and IT systems to safeguard data even when perimeter and network defenses are penetrated or endpoint security fails. And they are increasingly seen as a way to protect sensitive data wherever it resides — whether in cloud platforms and cloud applications, traditional databases, big data environments (e.g., Hadoop, NoSQL databases, in-memory analytics), mobile platforms, or Internet of Things (IoT) technologies. This is accomplished by identifying and encrypting sensitive data where it resides, and by controlling user and application access via a centralized key management system.
In the data-centric security model, only authorized users are allowed access to encrypted data via the cryptographic key necessary to decrypt it. Consequently, in theory, should the organization suffer a data breach, any stolen or leaked data would prove useless to hackers and other bad actors because they would be unable to decrypt it.
Data-centric security has been around for a while; however, it is receiving renewed attention as a way to extend data protection and security to endpoint and edge devices and computing associated with cloud, mobile, and IoT technologies. Such applications are seen as somewhat complicated to protect because they tend to stretch the bounds of what we’ve come to consider a fairly well-defined computer network. (For example, securing data in cloud environments is worrisome due to lack of control over its location, while mobile and IoT raise their own concerns regarding the security of the devices themselves as well as how they get access to corporate data. And, for that matter, big data environments like Hadoop are worrisome because they were not initially designed for managing sensitive data — certainly not to the degree that we’ve come to expect with enterprise relational databases.)
In short, data-centric security is intended to address requirements for locating and identifying sensitive data residing in databases and other systems, and apply data encryption, data masking, and policy-based data access controls and monitoring to protect data residing across multiple enterprise environments.
An important industry trend is that the data-centric security vendors are now applying behavior analytics and machine learning (ML) to add automated analysis and adaptive capabilities to their offerings. In fact, behavior analytics and ML are emerging as ways for implementing real-time threat detection in IT security environments in general. At the RSA Security Conference, behavior analytics used in such a capacity was the subject of considerable discussion. And a number of security vendors have announced new products using the technology over the last six months or so, including data-centric security providers like Dataguise, DB Networks, RSA, Security On-Demand, and Vormetric.
Behavior analytics facilitate detection of advanced attack activities. ML techniques add an adaptive capability to threat detection by allowing security programs to generate dynamic models of baseline application and user behavior. By comparing system, user, network, and other activity to this baseline model, behavior analytics seek to identify anomalies potentially indicative of suspicious activities (e.g., unauthorized or differing attempts by users to access files, compromised credentials, social engineering and phishing incidents). The goal is to spot key aspects of advanced threats well in advance so that IT administrators and security analysts can interdict them before they can turn into full-blown data breaches or other hacking incidents.
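The baseline comparison described above can be sketched in a few lines. This is an added example, not code from any vendor named in this article: it learns a per-user profile from file-access events and flags access to resources outside that profile or access volume far above it. The event format, the user names and paths, and the thresholds `k` and `min_std` are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample data: (user, hour_bucket, resource) file-access events.
BASELINE_EVENTS = (
    [("alice", h, f"/finance/q{1 + i % 2}.xlsx") for h in range(6) for i in range(3 + h % 2)]
    + [("bob", h, "/eng/design.doc") for h in range(6) for _ in range(2)]
)
OBSERVED_EVENTS = (
    [("alice", 6, "/finance/q1.xlsx")] * 3
    + [("bob", 6, "/eng/design.doc")] * 2
    + [("bob", 7, "/finance/q1.xlsx")]          # resource bob never touched before
    + [("alice", 7, "/finance/q2.xlsx")] * 12   # known resource, unusual volume
)

def build_baseline(events):
    """Per-user profile: resources seen, plus mean/std of accesses per hour."""
    resources, hourly = defaultdict(set), defaultdict(Counter)
    for user, hour, res in events:
        resources[user].add(res)
        hourly[user][hour] += 1
    model = {}
    for user in resources:
        counts = list(hourly[user].values())
        model[user] = {"resources": resources[user],
                       "mean": mean(counts), "std": pstdev(counts)}
    return model

def detect(model, events, k=3.0, min_std=1.0):
    """Return (user, hour, kind, detail) alerts for deviations from the baseline."""
    alerts, seen, hourly = [], set(), defaultdict(Counter)
    for user, hour, res in events:
        hourly[user][hour] += 1
        profile = model.get(user)
        kind = ("unknown_user" if profile is None
                else "new_resource" if res not in profile["resources"] else None)
        if kind and (user, kind, res) not in seen:   # one alert per novel pair
            seen.add((user, kind, res))
            alerts.append((user, hour, kind, res))
    for user, per_hour in hourly.items():
        profile = model.get(user)
        if profile is None:
            continue
        # min_std keeps a perfectly regular user from alerting on tiny changes
        threshold = profile["mean"] + k * max(profile["std"], min_std)
        alerts += [(user, h, "volume_spike", n)
                   for h, n in sorted(per_hour.items()) if n > threshold]
    return alerts
```

A static baseline like this one goes stale as roles change; the adaptive models described above would refresh the profile on a rolling window.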
We’ll be hearing a lot more about data-centric security and protection, as it is increasingly being seen as an important component of an organization’s overall (layered) IT security strategy — one intended to protect sensitive data even when network, anti-virus, and other security solutions are compromised.