Moving into the future of data security will be something every business needs to undertake as soon as possible, if not immediately. Brian Fung wrote on on the National Journal that data-object security may be something for businesses to consider even though it relies on every system being inherently insecure, something most organizations don't want to think about.
As an introduction, he used the example of a library that locks its doors every night, but one night a burglar gets in. While the burglar was able to carry out some outdated pieces of literature and, as Fung humorously put it, "self-help books from 1974," nothing of value was taken.
"The idea is actually as liberating as it is worrisome," he wrote of this security technique. "Today, systems such as email are generally protected by a single password that, if broken, allows an intruder to run as far as he wants inside your inbox. Networks and servers are similarly vulnerable; they're little more than a lockbox for your data. But if you assume that the lock will eventually get broken, that frees your attention to focus on what happens next."
Data-object security comes in handy here, as if a company assumes a system will get broken into, the data protection safeguards will be in place to shield sensitive information from potential exploits. Fung put it another way; this is less defending the system and more what goes into it.
He spoke with Josh Sullivan, a vice president for data analytics at Booz Allen Hamilton, who said that as more businesses come around, the common idea of promoting data stewardship in this will will rise up. Sullivan told Fung this is a whole new way of thinking, as companies had previously tried to make everything infallible and hope for the best. This means all data was held essentially in equal regard, allowing sleek cybercriminals to make off with perhaps some important pieces of data.
Computer Weekly said when companies are classifying data, they need to know the drivers of why certain pieces of data are more protected and why others are not.
"The best way to formulate answers to these questions is to initiate a discussion that involves representatives from those parts of the business that have a stake in corporate data – namely the board, IT, finance, the various business departments and company lawyers," the website said.
Once it is understood why this type of protection is coming into place, the company should have a much stronger idea of how to strengthen security and what they can get from this method of data protection.
Data Security News from SimplySecurity.com by Trend Micro