Wednesday, January 7, 2009

Devolution and data-centric security

Forrester has been covering the data-centric security space for a while - Paul Stamp has had some good articles and now Andy Jaquith has an new report out as well - "Data-Centric Security Requires Devolution, Not A Revolution". The bottom line is to not think of this approach as revolutionary - While I agree with Andy to a certain degree, I would like to characterize this approach as being more the "logical" way to really protect data. You don't need to devolve to do this, but approach it logically :)

There are no complete solutions out there yet that fulfill the promise of data or information-centric security completely - and as in the case of all technology, there will always be work to be done! Therefore, one will be working with some sort of hybrid solutions for a while. There will still be areas where protecting the device or the network will make sense - these tools are widely available and have become mature. However this mistake that is made is to assume this is sufficient.

Andy has blogged about his report. He mentions that all data needs to be secure - no doubt. But we have to start thinking beyond those data elements at rest and think of data as a flowing medium - protect it everywhere. In this case, the only logical way appears to me to be the information-centric approach.

No comments: