IDC recently released a survey of high-level decision makers regarding their organizations’ practices around copy data access. You may ask yourself, what is “copy data”? Copy data is all of the copies of primary data made for data protection, data survivability, audits and other functions. While data control and data security are two separate and different things, they are related. Each new set of copy data brings with it the risk of sensitive data disclosure. Enterprises must think hard about how best to approach the security challenge. While the IDC survey’s focus is “copy data access”, the findings in the report are a clear indication as to why enterprises must consider data-centric security. When copies are made, they must inherit the security of the primary data.
Keeping sensitive data safe and accessible is a tough balancing act. To achieve this, many enterprises implement multiple systems for disaster recovery, archival, business continuity and backup. Many times each system has different access controls, users and user permissions, which are riddled with significant security gaps. As users are given access to each system with copy data, not only is the security threat multiplied, but users have the ability to localize the sensitive data, and companies lose sight of how many copies are floating around in their infrastructure or in the cloud. Ultimately, with each added copy, vulnerabilities and the risk of a data breach increase substantially, through inadvertent exposure or outright nefarious attempts to access the sensitive data.
We all see this problem is still present throughout the vast majority of enterprises, despite all the high-profile security breaches or data leaks.
Regardless of the data control systems, perimeter-based security and encryption mechanisms that may be in place – whether to protect data at rest or in motion – the best way to protect data is to approach the problem with persistent data-centric security.
Enterprises must protect their data at the source and encrypt the primary data set. They must implement policies to ensure only authorized users have access to the sensitive data and ensure that users are only able to perform specific functions on the data through usage policies. Enterprises must govern the data by tracking every action taken on it.
Data-centric security provides all of this and takes things even further by making sure that this security is persistent, regardless of how many copies are floating around and regardless of where the sensitive data resides. Each new set of copy data inherits the permissions and security from the original data set. Should the sensitive data need to be rendered useless, there is the means to do it by simply clicking a button. Imagine that!