by Travis Wright

The case for data-centric audit and protection in the Information Age

Jun 07, 2017

Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs), as well as anyone interested in protecting their enterprise data, find themselves at a turning point in history.

As the rise of the Information Age has made data more valuable than ever before, hackers have never posed a more severe societal threat than they do today. Major security breaches are so numerous, even counting only the past year, that there’s no need to list them specifically. The havoc they’ve wreaked is unimaginable.

Identity and access management provides a certain level of protection, but its walls are crumbling, and access control and encryption aren’t enough. In addition, new regulations such as the General Data Protection Regulation (GDPR) and other international standards are starting to place the responsibility for security breaches squarely on the shoulders of the enterprises that are breached. Finally, hackers aren’t giving in, growing up, or going away anytime soon, especially considering the rise of the Internet of Things (IoT) and the security vulnerabilities it represents.

One of the problems CIOs and CISOs face is that enterprise IT security has traditionally been thought of as the IT department’s domain and was thus walled off from other areas of the company. However, it’s now necessary for security to be integrated throughout an organization’s business processes with input and involvement from all its key decision-makers. Segregated and silo-based security models are failing because they don’t scale and are impossible to implement across an entire enterprise.

Organizations need to take a data-centric approach to remain secure and compliant in the modern Information Age.

Enter DCAP and why it matters

Data-centric Audit and Protection, or DCAP, is a means of protecting your organization’s data privacy. It emphasizes the security of data itself rather than the security of networks, hardware, or software. One of DCAP’s main benefits is that data security can be applied to just the specific pieces of data that need to be protected, making it scalable across the enterprise while having little to no impact on a company’s business processes. Thus, it aligns data security with business strategy.

DCAP generally involves several processes. These include the ability to know where sensitive data is stored; defining policies for how data is managed within a business context; defending data against unauthorized access or usage; and data monitoring and auditing to ensure that there are no deviations from normal behaviors that would indicate malicious intent.

Gartner identifies five areas or silos where data can be protected through DCAP. They are:

  • Infrastructure as a Service (IaaS) – Cloud computing to provide virtual computing resources through the internet.
  • Software as a Service (SaaS) – Cloud computing to distribute software and host applications through the internet.
  • Database Management Systems (DBMS) and Database as a Service (DBaaS) – On-premises or cloud-based systems for creating, retrieving, updating and managing data.
  • Big data – Data sets that are large and complex and are thus incompatible with traditional data processing applications.
  • File storage – Data storage in which large pools of data are stored on the cloud or across multiple physical and virtual locations.

Who are the top players in DCAP and why?

Gartner recently released its Market Guide for Data-Centric Audit and Protection for 2017. This report is intended for those who are concerned about the privacy of their data. Its purpose is to help them evaluate technology to meet their security needs. It’s not a ranking, but is instead a means to identify the capabilities of vendors in the marketplace and indicate the coverage options that each one offers.

According to Gartner, “The exponential growth in data generation and usage across multiple data silos is rendering current data security methods obsolete, requiring significant changes in both architecture and product selection approaches.”

To this end, Gartner identifies several security features that should be offered by DCAP vendors for one or more data silos. These features include:

  • Data classification and discovery – Classify and discover sensitive data both in on-premises systems and in cloud-based storage in IaaS, SaaS and DBaaS.
  • Data security policy management – Set, monitor and control privileges of unique user identities (including highly privileged users such as administrators and developers) with access to the data.
  • Monitoring user privileges and data access activity – Use behavior analytics techniques to monitor users when accessing data in real time, generate customizable security alerts, and block unacceptable user behavior, access patterns or geographic access, etc.
  • Auditing and reporting – Create auditable reports of user access to data and security events with customizable details that can address defined regulations or standard audit process requirements.
  • Behavior analysis, alerting and blocking – Prevent specific data access by individual users and administrators. This may also be achieved through encryption, tokenization, masking, redaction or blocking.
  • Data protection – Provide a single management console that enables the application and orchestration of data security policies consistently across multiple data repository formats.

Many vendors in the Gartner report offer partial coverage across one or more data silos, but organizations may want to select a vendor that offers protection capabilities for all silos through DCAP. Only two vendors in the Gartner report meet this criterion: Protegrity and Informatica.

Increasingly, DCAP is becoming a critical component of an organization’s ability to protect its most sensitive data. DCAP vendors are quickly adding capabilities, but few have achieved broad coverage for both on-premises and cloud-based data protection. Regardless, the purpose of DCAP is to integrate data security with business processes for the benefit and protection of the organization as a whole.

By integrating a comprehensive and holistic DCAP solution into your enterprise, you’ll be laying the foundation for the most impenetrable walls of the Information Age.