We recently had the pleasure of sponsoring and attending the Innovate Cybersecurity summit in early October and wow what a refreshing event. It was our first opportunity to really be face to face with the industry in a long time and the show provided a great platform to enable productive in person discussions. The reverse expo was a big hit! In addition to being reminded how important in person contact is to build new relationships, Innovate reminded us that data centric security continues to be front and center in the CISO organization. Some organizations have successfully adopted a data centric security strategy, while others have barely started. If you are still unsure of what data centric security means, check out this blog post from the show where Michael Howden, Director of Security Services at Novacoast, does a great job summarizing it in more detail.
What has changed with data centric security?
The concept of data centric security is not new. “Data is the new perimeter” has been a reality for more than a decade. What has changed is the accessibility of solutions that can accelerate a data centric security workflow while still enabling cloud-based collaboration. While CISO organizations embark on these data centric strategies, the question remains, will the business accept it or push back? Let’s face it, as the business has pushed for a digital strategy that enables cloud-based collaboration, security is often viewed as the roadblock to making this a reality. However, we believe (and have seen firsthand) that with a modern approach to data centric security, the business will embrace the controls instead of push back.
Three reasons data centric security finally enables collaboration
1) Links reduce complexity
As organizations started to adopt cloud file sharing, they immediately changed when data needed to be controlled. Before people shared files with links in a central cloud, they would share with methods, such as email attachments, where security had to focus on trying to control the file at the time of sharing. This meant data centric security forced organizations to deploy complex policies to address endless scenarios that often led to false positives or encryption that nobody could use, ultimately leading to knowledge worker frustration. With links, you don’t need to control the file, you only need to control access to the file. This fundamental shift allows security to deploy more context aware policies that don’t lead to false positives and keep knowledge workers sharing in a cloud-based collaboration experience.
2) Labeling is a question of when, not if
Gone are the days that organizations need to convince themselves that data must be classified. It is now generally accepted that labeling is foundational to a data centric strategy. How an organization labels data will vary across a spectrum of 100% manual to 100% automated. Arguments can be made on both ends of the spectrum about what approach is better, but the recommended strategy really comes down to regulations, maturity, and organization size. Irrespective of approach, with labeling, users do not need to be part of the policy decision, they need to ensure the label of the file is correct. For the average knowledge worker, this is a much less daunting task then forcing users to determine whether the file needs to be encrypted or is even allowed to be shared with an external party. Instead, with labeling, knowledge workers just need to understand the sensitivity of the file. Yes, with an overly complex taxonomy this can be difficult, so we recommend keeping your taxonomy simple and to something that doesn’t require hours of training.
3) Modern data centric security solutions are born from the cloud
Knowledge workers want to collaborate from the cloud. They have been telling us this since the dawn of Shadow IT back around 2010. The good news is that modern data centric security solutions have been listening and now enable cloud-based workflows from the cloud. This architecture shift for the data security industry is critical not just to support your collaboration workflows of today, but the future of collaboration in your organization. The cloud drives innovation at a compounding rate and data security must be able to keep up. Knowledge workers do not want to be forced into workflows that take them away from the advantages of cloud collaboration (e.g. co-authoring) and cloud-based data centric security supports that mandate, well at least we do 😊The last two decades have produced constant battles between knowledge workers and security. A lot of this friction has been created because, as an industry, security had failed to keep up with the pace of digital transformation. We believe that the next decade will be different. Harmony can exist between knowledge workers and IT through safe and frictionless collaboration with data centric security at the heart of it.