Computer Security Moves Toward Uniting On Data Security
December 17, 2008 by AntivirusWare.No one can predict what will happen with the economy in the next year to year and a half. You can be sure, though, that threats to your confidential data will increase during that time frame. Malicious code threats are growing exponentially, and the cyber underground are becoming even more sophisticated as time passes.
Security Industry players are starting to team up in order to lower the cost, complexity and integration effort needed for data centric security. A number of things are driving the moves.
One of these things is that DLP solutions need to become more transparent. Every company that does business over the web needs DLP capabilities. Software solutions require customization, sophisticated skills, and lots of money. Microsoft’s data classification integration into Windows should help; it provides baked-in DLP basics.
DLP technology assumes you don’t know where your sensitive data is, so you want to find it, classify it and keep it confidential. ERM, in contrast, assumes you know exactly where it is, and you want to pick and choose your protection at the user and file level. The debate between DLP and ERM was misguided—large organizations need both to protect their data.
User authentication has been centralized, but entitlement management (the assignment of user privileges) has been left to each individual application. The method is rife with security vulnerabilities, and needs to be addressed. Many companies are positioning themselves to do so.
The next step is hopefully the industry coming together and defining meta-standards for classification, policy definition, and enforcement. That would be the ideal solution, anyway, however unlikely it is in the real world.