Data Centric Security

For decades, architecting data security solutions revolved around the idea of building a fortress around the data. This is called perimeter-centric security. However, perimeter-centric security is not relevant in this new age of computing where, 1. Data is exponentially increasing in terms of volume, velocity, and variety; 2. Users (including semi-trusted third-party contractors) are spread across the globe accessing data from home and on the road; 3. Infrastructure that access, store and move data include mobile & other heterogeneous devices, cloud, SaaS platforms, etc.; 4. Regulations that govern the data and hackers who steal the same data are both becoming increasingly sophisticated. We are on the verge of witnessing a paradigm shift in data security architectures--a shift from perimeter-centricity to data-centricity. This talk is aimed at introducing and discussing in detail about data-centric security. Data-centric security is about securing data without artificial physical / infrastructure boundaries. That is, instead of securing the applications (in-use), endpoints (at-rest) & network (in-motion) infrastructure that use, store & move data respectively, data-centric security embeds security controls within the data itself.