The UK government, quoted on the Information Age website, recently reported that the risk to small businesses doubled between 2014 and 2016, regarding the financial risk of their data assets. This threat is particularly dangerous for SMEs and startups because of the limits of their abilities to absorb the financial losses that can be the direct result of data breaches.
Preventing Losses And Leakages
Fortunately, the options are better than they were even a few short years ago. Protection has to be robust and flexible and meet the requirements to encapsulate data now and into the rapidly evolving future. The priority is shifting away from network-centric data protection toward an approach that focuses more directly on the data itself.
The trend in data protection heads in a predictable direction, toward a layered defense of the data assets at the source. The following list of data protection principles and solutions maps out the path that data security is taking now and in the next few years.
The Principles And Direction Of Development In Data Protection
These are the principles to consider in designing secure data systems. Along with each principle, the list includes the current thinking on what is or could potentially develop as the best practice in response to the threats of criminal data breaches.
Principle #1: No content without context – Data should remain in a protected environment at all times, which means making it context dependent; it should be of no use without the proper authorization in sanctioned operations.
Solution: Network-centric environmental protection that employs firewalls, encrypted tunnels, directly in the operating system and applications.
Principle #2: Protection directly at the data source – A data protection system that is too remote from the source invites too many avenues of attack.
Solution: Create containers that keep the data encrypted anytime it is not directly in use.
Principle #3: Consistent information lifecycle security – Ensure consistent security throughout the information lifecycle.
Solution: Label data with metadata information tags that describe its attributes without decrypting it and provides a handle for consistent data management.
Principle #4: Put hardware at the core of certification – Limit the software surface area that is vulnerable to attack.
Solution: There must always be a hardware-based trust root certification as the basis to identify users and data access.
Principle #5: Apply rules and validation – The next level would be a signature code that validates the integrity of the system environment.
Solution: Centralize the authorization for access to data to control which users can access the data. Separate the functions that decide access from those that enforce it.
Emerging solution: Portable rules engines that travel with the data and determine authorization when it resides in virtualized environments beyond the control of the system.
Creating Formal Standards For Access Decisions
The final component will be to industry-standardize security architecture (for which the primary contender is OASIS XACML) summarized in the following points:
- Standardized data encryption containers
- Standardized interface controls to manage how to deploy the data security tools
- A protocol for data rights management
- Standardization for metadata that is machine readable at policy decision points