The Data-Centric Security Paradigm presented at DataConnectorsToronto 2019

by Jim Minie,

Summary : Data is inert, passive and lacks the direct ability to control its own fate. It cannot protect itself, or mitigate risks to it during processing, while at rest, or in transit. In reality, data is fully dependent on the enterprise for protection through the use of a complex environment of security products, processes, and procedures. These include discreet methods of encryption for at-rest and in-transit data, authentication, authorization, physical security tools and applications, user behavior policies and procedures, and event collection and management.Ultimately, data security is contingent upon the correct and complete installation, configuration, and management of this complex security environment. Risk and the actual loss of data, through user error or bad actor theft, is often a direct result of mistakes made somewhere in the chain of protection.Moreover, through the adoption of cloud services and storage and external trusted partnerships across the insecure landscape, the data perimeter has expanded well beyond the ability of the current protection schemes to protect the data.The Information Security industry must recognize that the historical perimeter is obsolete and embrace the new, data-centric security paradigm. This workshop will emphasize a paradigm that infuses data with self-governance, provenance, and self-protection capabilities, to give data the ability to protect itself throughout its lifecycle.