Introduction To Data Centric Security Model

Evolving deperimeterized networking capabilities in the operations of an organization have made various security measures ineffective or flawed. Concepts like cloud computing, distributed computing and enterprise mobility demand corporate data for the workforce or clients with effective security at the same time. Deploying conventional security methods like firewalls, virtual channels, VPNs etc. are capable of introducing security at the infrastructural level. However, with delocalization of resources of the organization, it is desired to make the confidential data available to the workforce in a most secured manner, anytime and anywhere.

Protecting the critical data and information within an organization throughout its lifecycle instead of protecting the infrastructure of the network from any kind of intrusion is called as Data Centric Security. The main approaches for provisioning a data centric security model within an organization are:

• Initial step in adopting a data centric security policy begins with understanding the types of information a company possesses, its sources and importance of these assets for a company.
  
  
• The next step frames the set of guidelines of data handling according to the policies of business. It basically drafts a set of security policies needed to be implemented on the data according to the business policies followed by an organization.
  
  
• Then comes the determination of security services that need to be deployed and are required to support the guidelines framed above. It outlines the data security methodologies which will protect the business data according to the requirements of the business.

Data centric security model classifies the corporate data and information assets according to the nature of data. Classification could be based on the utility of data according to the department handling it. For example, financial information is classified separately and thus security policies are drafted according to the sensitivity of data. All the permissions and policies are imposed on various classes of data according to the way this data would be handled by the user and his authority over the information. Various rights and privileges are assigned to protect data and can only be accessed after the user's credentials are matched and authenticated to access it.

Although data centric security model is built around the need of protecting data only instead of protecting the infrastructure of the network, if doesn't really mean that infrastructural security is not necessary anymore. Data centric security is supposed to be an extension of infrastructural security and so, for a strong ground, infrastructural security is equally essential for an organization. Integrating a data security model with an infrastructure centric model yields a stronger information security policy for an enterprise within and outside its campus.