Data is indeed everywhere, that’s without a doubt. And it’s not just because of the exponential growth of data due to more and more devices and input nodes. It’s also that the way we consume, analyse and process data has changed dramatically. Data is constantly moving between different environments, databases, and applications, which can be on-premises, in the cloud or a combination of both.
There’s no disputing that the cloud is one of the best things that ever happened in terms of advancing and accelerating innovation across nearly every industry. For, cloud computing and cloud data storage give organisations a flexible, scalable and cost-effective way to store and analyse massive volumes of data.
We see many organisations using both on-premises and cloud services for data analytics, often from multiple vendors, which led to the buzzword multicloud. With these complex infrastructures, data can and truly will be everywhere.
But unfortunately, security isn’t.
Aside from the advantages cloud computing brings to data analytics, it also presents new security risks in terms of additional attack vectors and accidental leakage of sensitive data. This creates new challenges for data analysts and data security experts alike. And despite the best efforts of cloud service providers to inform their customers otherwise, a common misconception still prevails, namely, that minimum viable, out-of-the-box security solutions are enough to keep data safe in the cloud. That is patently false as companies have to implement security that fits their specific use cases.
Data security remains one of the biggest hindrances to businesses wishing to gain valuable insights from theirstores, whether they’re on premises, in the cloud or in some combination of the two. Failure to secure sensitive data both adequately and consistently can result in one or more of the following consequences:
- Denial of access: analysts are denied access to the data because it contains unprotected sensitive elements.
- Fines and other legal repercussions: if access is allowed despite adequate protection of sensitive data as prescribed by law, the organisation may be found non-compliant with PCI DSS, GDPR or other data protection regulations.
- The unprotected data is lost in a breach: breaches can be massively expensive. Besides the penalties mentioned above, they can also result in mitigation costs, loss of revenue and customers and sharp drops in share price.
Given the obvious inadequacy of perimeter defences, breach detection and classic encryption, companies need a new approach to security that protects sensitive data when all else fails.
Data-centric security protects the data throughout its entire lifecycle, going wherever the data goes to provide strong protection, without affecting usability.
Instead of focusing on protecting the perimeter, network, endpoints or applications, data-centric security prioritises datasets to protect the data itself. It protects big data everywhere — for example, while it’s in use for analytics, when it’s in motion between on-premises data stores and the cloud, and when it’s at rest.
It also protects individual data elements wherever possible. For example, if a dataset contains a mix of sensitive personal data along with other data that is not sensitive or otherwise regulated, a data-centric security strategy protects only the sensitive data at the individual element level.
In a nutshell, data-centric security puts security everywhere it needs to be.