Is data-centric security worth the implementation challenge?
This article is part of the Information Security issue of October 2017, Vol. 19, No. 8
Big data and cloud computing are driving the need for more data-centric approaches to information security at large companies. Threat actors' abilities to slip past network-level defenses -- evidenced by data breaches such as those at Equifax -- and the need for compliance with security and data privacy regulations require a shift from infrastructure to data-level controls. Analysts have increasingly advocated end-to-end, data-centric security models. Yet, for CISOs, implementing such an approach presents untold challenges. At large organizations with well-entrenched network security programs, moving to a data-centric security model can be especially complex.
Awareness of the need for better data-level protections has grown in recent years, mostly as the result of data breaches. Though security spending worldwide has spiked sharply and will exceed an estimated $86.4 billion this year, according to technology research firm Gartner, data breach numbers have not declined and instead appear headed in the opposite direction. Numbers ...
Features in this issue
Data breaches and incoming regulations are heightening the need for a data-centric security model, say security leaders. Here’s how to gain control and stop unauthorized use of your data.
A state CISO champions innovation for Washington, from early development of a single sign-on system to leadership of the new Office of Cyber Security.
Until WannaCry and NotPetya, estimates of ransomware cost and damages were likely overblown. But indications are that companies lost hundreds of millions from these malicious attacks alone.
Columns in this issue
When Yahoo finally disclosed a massive 2014 data breach to up to five hundred million affected account holders in September 2016, some already had legal representation.
The 'father' of the Orange Book has first-hand knowledge of the standards required for classified computer systems and the issues with subversion.