Access your Pro+ Content below.
Is data-centric security worth the implementation challenge?
This article is part of the Information Security magazine issue of October 2017, Vol. 19, No. 8
Big data and cloud storage are driving the need for more data-centric approaches to information security at large companies. Threat actors' abilities to slip past network-level defenses -- evident by data breaches such as those at Equifax -- and the need for compliance with security and data privacy regulations require a shift from infrastructure to data-level controls. Analysts have increasingly advocated end-to-end, data-centric security models. Yet, for CISOs, implementing such an approach presents untold challenges. At large organizations with well-entrenched network security programs, moving to a data-centric model can be especially complex. Awareness of the need for better data-level protections has grown in recent years mostly as the result of data breaches. Though security spending worldwide has spiked sharply and will exceed an estimated $86.4 billion this year, according to technology research firm Gartner, data breach numbers have not declined and instead appear headed in the opposite direction. Numbers maintained by ...
Access this PRO+ Content for Free!
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Features in this issue
Exponential data growth, damaging breach incidents and upcoming regulations are heightening the need for end-to-end security with data at its core.
A state CISO champions innovation for Washington, from early development of a single sign-on system to leadership of the new Office of Cyber Security.
Until WannaCry and NotPetya, estimates of ransomware cost and damages were likely overblown. But indications are that companies lost hundreds of millions from these attacks alone.
Columns in this issue
When Yahoo finally disclosed a massive 2014 data breach to up to five hundred million affected account holders in September 2016, some already had legal representation.
The 'father' of the Orange Book has first-hand knowledge of the standards required for classified computer systems and the issues with subversion.