Protecting data in use
Last week, I blogged about data classification and how difficult it is for many organizations to get under control. The next day SearchSecurity published “Data classification is first step in successful data protection,” an article that addresses the need to classify data to properly secure it. The trouble is the enormous amount of data we create and getting a grip on it all. I see companies begin new “data classification initiatives” and most have ended up failing within a couple of years, followed by a new “improved” initiative. We’ve also shifted from protecting the devices that hold our data to protecting the data itself. Classifying data helps in every respect towards our goal of information security.
The other day, LonerVamp asked: how are you protecting your data in use? In some business units, protecting data through digital rights management is a viable solution for enforcing restrictions, such as the number of times a document is viewed, when it expires, whether it can be printed, etc. It doesn’t prevent someone from taking a screenshot or reciting its information, but what else is there to do (technically speaking)?

A very fundamentally low-level issue, data protection. :) Makes ya kinda wish corporations widely adopted MAC controls like the military and gov’t. Sadly, that would prevent business (or so they say). :(
Also makes ya wish we could see the strategies used by the groups who need it most: NSA/CIA types. What are their policies in their physical buildings and digital systems? I’d love to see that!
I think most companies will be focused on protecting data from outsiders and we’ll never truly address overzealous insider data access very well at all.
@LV
MAC and MLS did brick networks and break things because they suffered from “special conditions” syndrome. When you add new objects to the host kernel, features are limited to that host, definitely a problem in a mixed platform environment.
We have found a way to avoid that and in fact, provide MLS that scales, even in a MS environment. The concepts of MAC/MLS were good, their implementation in modern networks was not.
The business world now needs confidentiality more than ever due to privacy concerns etc. However, 80% of security spending is on edge security to prevent damages that amount to about 20% of the damage to the enterprise.
Our networks are like M&M’s — hard and protected on the outside, soft and chewy on the inside. Yet, the inside accounts for a lot more than what’s outside.