‘Go for data-centric security’

Data protection is critical for any enterprise now, and data-centric security and rights management are key to survival and growth of any business. Hence, it is important to have a unifying platform in place, says Vishal Gupta, Founder and CEO, Seclore

What is the first step for enterprises in their data protection journey?

It is important to realise that IT infrastructure consisting of devices, networks, applications and even people are all moving outside of the enterprise control. If data protection is the goal, data protection should be the activity against infrastructure protection.

Enterprises have typically taken a broken approach to data security i.e. deploying a specific technology like DLP or Classification and then adding more things like encryption or rights management without a unifying system to manage the program. This means that individual technologies become silos that don’t work or integrate with each other and the enterprise does not get end-to-end visibility of its data protection program.

My first recommendation would be to define the data protection program and have a unifying platform in place. The unifying data-centric security platform can provide a single pane of glass view of all data protection initiatives within the company and beyond.

What are the key drivers for adopting data-centric security and rights management?

For enterprises today, data has become like oil i.e. the most valuable asset. Unfortunately, the data is also free-flowing and tough to control. Enterprises are today in a constant data chase where they are chasing data from endpoint devices, networks, applications, cloud, phones and third parties. This has become a nearly impossible chase. Enterprises are realizing this and moving their security initiatives to data.

While the implication of data-centric security is far and wide the most drivers are:

• 3^rd party risk/external collaboration: Every minute there are millions of emails and documents containing confidential information being shared with external agencies like contractors, partners, customers, lawyers, etc. Half the enterprise data breaches are due to breaches at these external agencies and nearly two-thirds of enterprises don’t even know which external agencies have access to confidential information. With security that follows the data, the data itself carries its own security and privacy policy and can therefore be freely shared with third parties but still be controlled. Examples of this are:
  1. One of the largest banks in the world uses Seclore’s data-centric security to share confidential customer data with third-party collection agencies.
  2. The largest material research company in the world uses Seclore to share highly confidential design documents with external fabricators.
  3. More than 100 listed companies use Seclore to protect forward-looking financial statements with external auditors to protect against insider trading.

• Data privacy and compliance nonrepudiation:  Data privacy and compliance is already a tough problem. With compliance that follows the data, enterprises can now get usage information like ‘who’ accessed the information, ‘what’ did that person do, ‘when’ and ‘where’. This rich telemetry of data usage provides immensely valuable and is helping enterprises comply with privacy regulations and prove the compliance! Within the Middle East itself compliance frameworks like SAMA, NESA,FIFA are making life difficult for enterprises.

• Data security in the cloud: More and more enterprises are moving collaboration to the cloud. One of the challenges with cloud-based collaboration technologies is that the data security is directly dependent on security of the cloud infrastructure on which enterprises have no control and little visibility. With data-centric security that follows the data, enterprises can regain control of the data going to the cloud and ensure that even if there is a breach of the cloud service, the enterprise data does not get compromised.

Tell us a little more about Seclore’s business associations

Seclore is one of the largest specialist providers of data-centric security platforms and rights management systems. Seclore’s customers include some of the world’s largest organisations like American Express, General Motors, ICICI, Allianz and Prudential besides numerous government and defence establishments. Within the Middle East, Saudi Telecom, Etimad,Oman Data Park, PIF, Smart Dubai, Red Sea and KFUPM, etc., rely on Seclore to protect their most confidential information.

For more information, please visit www.seclore.com