Issue link: http://cp.revolio.com/i/886554
THE DATA CENTER JOURNAL | 25 www.datacenterjournal.com e first step in moving to a datacentric security policy is typically a formal risk assessment that identi- fies the types, locations and uses of the sensitive data housed in an organiza- tion's data centers and other assets. Some data may not require protec- tion at all, whereas other data will likely require encryption with tightly controlled keys. In addition to con- sumers' personal information, many companies store financial-transaction data, intellectual property and other forms of valuable information on their servers. Once a company has determined which data requires protection, it's ready to implement its datacentric strategy, which will likely include most or all of the ongoing activities de- scribed below. Data discovery: Not to be confused with e-discovery—the process of gathering data for court proceedings— data discovery involves automated scanning of electronic files to determine whether they contain sensitive information. Discovery tools are most effective when installed on end-point devices as well as file servers, so that sensitive data can be identified and remediated as soon as it's collected or created throughout the organization. Classification: Data classification is closely related to discovery and involves adding metadata to files to indicate that they contain sensitive data. Classification can be done manually, in conjunction with data discovery, or in a standalone process. DLP: Data-loss prevention (DLP) is the process of monitoring data in transit to ensure that sensitive information isn't exchanged inappropriately. DLP technology can be integrated with other data-protection solutions to maximize its effectiveness while minimizing disruption to legitimate communication and workflows. Encryption: Data encryption is the most secure form of data protection, rendering data unreadable to anyone without the proper decryption key. Although some types of encryption only protect data at rest (while stored on inactive hard drives, for example) or in transit, persistent data encryption remains with data wherever it's copied or stored. Structured data is oen protected by format-preserving encryption, which secures information against misuse while retaining certain properties needed for database integrity. Key management: Historically, encryption has been difficult to implement on a large scale, owing mainly to the challenges of generating, exchanging, rotating and revoking the keys needed to ensure that authorized users can access data. Recent innovations in key management have eliminated these obstacles, allowing organizations to apply encryption policies across the entire enterprise and retain full control over encrypted information. Reporting: As with any cybersecurity technology, accurate reporting is essential for effective data protection. To ensure compliance with internal policies and legal mandates, administrators need visibility into where an organization's sensitive data is located and how it's being used. Datacentric security doesn't mean abandoning network and physical se- curity altogether—a strong perimeter will always be necessary as the first line of defense. e datacentric approach, however, allows companies to avoid the negative consequences that will otherwise limit their ability to compete when the inevitable data breach does take place. EXTENDING PROTECTION BEYOND THE DATA CENTER Mobile devices, cloud services and other technological changes have made it increasingly difficult for orga- nizations to control where their data travels. An important benefit of data- centric security is that it allows com- panies to protect sensitive information even aer it leaves the data center. Physical and network security measures can do nothing to protect data as it's shared and exchanged outside the company's own systems. A robust datacentric security program, on the other hand, can keep sensitive information safe from the or misuse no matter where it resides. With the right technology, security administra- tors can even revoke access to en- crypted information aer it has le the company network, providing an extra measure of security against insider threats. Data thieves, spies and saboteurs will only become more aggressive as our civilization becomes more dependent on its data. e datacentric approach to cybersecurity strategy will not only help organizations deal with the threats of today, but also ensure the best possible protection against the threats of tomorrow. n About the Author: Matt Little serves as the Chief Product Officer at PKWARE, Inc., a global leader in data security. A technologist at heart, Matt has more than a decade of experience in the IT industry. In his role as Chief Product Officer, he oversees planning development and life-cycle management for next-generation PKWARE offerings. Matt also plays a critical role in setting and driving product strategy and go-to-market activities for these products. Before his current role, he held jobs as VP of Product Development for MIS/IT Director as well as IT Manager for PKWARE. He has also worked for Compuware and Johnson Controls. Matt graduated from Marquette University with a bachelor's degree in computer science.