By David Konetski, Dell Fellow and Executive Director of End User Computing Security & Systems Management Solutions, Dell
Once upon a time, data security was relatively simple. Keep proprietary and sensitive data behind a strong corporate firewall, and protect the perimeter of your network. Today, the proliferation of mobile devices and increasing adoption of cloud computing has virtually eliminated the network perimeter.
During a panel discussion with my colleagues at Dell World 2014, we explored how people are becoming walking data centers and the traditional security perimeter is disappearing—further complicated by data moving into the cloud and the myriad of endpoints that access information. But even as we’ve become more adept at protecting endpoint devices and data on them, the paradigm must continue to evolve.
Ultimately, the security perimeter and access controls need to be embedded into the data itself. As data increasingly becomes the lifeblood of business, it must be self-aware and self-protecting to securely flow to the right people—and only the right people—at the right time and in the right location. Starting at the time of its creation, enterprise data should be protected and enhanced with context and policy—who, what, where, when and how it can be accessed—or know where to go to determine the access policy.
Sixty-four percent of employees globally conduct at least some business at home after business hours, according to Dell’s second Global Evolving Workforce Study, which surveyed almost 5,000 employees of small, medium and large organizations in 12 countries. And about half of employees globally use personal devices for work purposes or expect to do so in the future.
Protection at the data level
As work and personal computing increasingly commingle, the current approach to enterprise security must be extended. Encrypting everything with a single enterprise user key and locking the user to a single device becomes very user unfriendly. Tethering users to the enterprise to get work done is not sustainable. We must control access to data using the granularity of the data itself. With data-level protection, organizations will be able to control access to a particular piece of information based on any number of variables, including the sensitivity of the data itself, the identity and location of the user, the device requesting access and its network connections, and other contextual details.
A data classification system will help you understand important attributes of the data, for example, whether it’s company IP, subject to HIPAA regulations or contains personally identifiable information. This combined with the identity of the user, the device used and several additional pieces of context will allow smart access to the data.
An authorized user trying to access particular data from a corporate-managed device behind the organization’s firewall may get unfettered access, while someone requesting the same data from a public Wi-Fi network in a coffee shop may be told to find a more secure location or be granted only limited access, according to pre-set policy.
Today an enterprise has no way to know how much data is egressing from its environment, where it’s going or how it’s being used. And that’s a top concern of many of our customers. But once data becomes self-aware and self-protecting, the enterprise will have what we call data visibility.
When every piece of data is self-protecting – carrying context, access controls and policy – access and use can be reported back to the enterprise. Organizations will be able to run a simple report on where all of their data has been accessed over the past 24 hours, for example, or get an alert when more than 10 files of particular types are opened outside their countries of operation. The possibilities are almost endless.
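As an added illustration of the data-level policy described above and the usage alert in this section (example code, not Dell's): a request context with assumed field names is mapped to full, limited or denied access, and constructed access events are checked against the "outside countries of operation" alert rule.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    """Context gathered at access time (assumed field names)."""
    classification: str    # e.g. "public", "internal", "pii"
    user_authorized: bool  # identity check for this data already passed
    device_managed: bool   # corporate-managed endpoint
    network: str           # "corporate", "vpn" or "public-wifi"


def decide_access(req: Request) -> str:
    """Return 'full', 'limited' or 'deny' for a request, following the
    article's policy: trusted device + trusted network gets unfettered
    access, an untrusted network gets limited access or is refused."""
    if not req.user_authorized:
        return "deny"
    if req.classification == "public":
        return "full"
    if req.device_managed and req.network in ("corporate", "vpn"):
        return "full"
    # Unmanaged device or public network: regulated data is withheld
    # ("find a more secure location"), other data is read-only.
    if req.classification == "pii":
        return "deny"
    return "limited"


# Constructed usage events, as a self-protecting file would report them.
EVENTS = (
    [{"file_type": "xlsx", "country": "DE"} for _ in range(11)]
    + [{"file_type": "docx", "country": "BR"} for _ in range(3)]
    + [{"file_type": "xlsx", "country": "US"} for _ in range(20)]
)


def country_alerts(events, countries_of_operation, watched_types, threshold=10):
    """Return {file_type: count} for watched types opened more than
    `threshold` times outside the countries of operation."""
    counts = Counter(
        e["file_type"] for e in events
        if e["file_type"] in watched_types
        and e["country"] not in countries_of_operation
    )
    return {t: n for t, n in counts.items() if n > threshold}


if __name__ == "__main__":
    print(decide_access(Request("internal", True, True, "corporate")))
    print(country_alerts(EVENTS, {"US", "CA"}, {"xlsx", "docx"}))
```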
Though the implementation will be multi-layered and complex, the era of self-aware, self-protecting data will help simplify information security. Providing insight into data usage with valuable access, policy compliance and anomaly reporting will begin to allow IT professionals to move from looking for the issues to being notified when an issue arises.