Tuesday, 7 December 2010

A look at Data Centric Security

As the proliferation, growth and dissemination of digital data continues to increase daily, and at an exponential rate, the corresponding need for data security systems is something all businesses can no longer ignore. There are many forms of data theft but, in the main, there are four ‘typical’ types of data that are taken either illegally or without proper authority or process. These threats are often targeting: financial information, non-public personal information, personal health information, and/or intellectual property.
So what are the facts? Well:
  • 82% of C-level executives report that their company has experienced a data breach.
  • 94% of C-level executives report that they have had their data attacked in the last 6 months.
  • 60% of the employees that lost their job admitted of taking sensitive information from their former company for reselling by downloading onto CD or DVD (53%), on a USB key (42%) or as an attachment to a personal email account (38%).
Thankfully, there has already been some movement towards addressing these concerns and as savvy IT professionals become more aware of the threats, you can sense a palpable elevation in levels of interest in how to keep data secure.

Currently, many companies control access to IT systems and services with identity and access management products such as ‘Active Directory’, and while such products may be effective in a controlled environment, it should be clearly understood that within the complex reality of most organisations a number of problems can and will arise. One of the biggest issues is that as stand-alone products they often cannot protect information and data sufficiently from unauthorised access, and additional tools are needed to achieve this. For many, being ‘physically secure’ is mainly what protects the data. However, anybody with physical access to servers could also remove disks and install them in a different computer to gain access to the files and data contained on them.

“Data-Centric” security envisages a world where individual items of data are secured irrespective of where they are held, in a fashion that allows only the appropriate access to the appropriate person, wherever they are, and whenever they try to make access. Essentially, as the rights by the owners of data are variable, circumstances – not just off-the-shelf products – should dictate all actions relating to the security of these protected items.

A great place to check out more on this topic is with Boole Server. Alternatively, you can download this presentation from a partner/customer roundtable Alpha Data organised in Abu Dhabi earlier this week.

No comments:

Post a Comment