Since you can NOT protect your infrastructure, you must protect your data.
- Information must be self-describing and self-defending
- Policies and controls must account for business context
- Information must be protected as it moves from structured to unstructured forms, in and out of applications, and across changing business contexts
- Policies must work consistently across the different layers of technology we implement
This process has been termed Information Rights Management and involves the following:
- Data Discovery - You must know where your data exists; you cannot protect what you do not know about.
- Data Classification - Not all data is created equal and every organization has its own data taxonomy
- Data Visibility - You need to know who is using your data at any time, inside and outside of your network.
- Data Protection - All sensitive data must be encrypted: Data At Rest, Data In Transit, Data In Process and In the Wild.
- Data Security Analytics - You must be able to make data decisions in real time if a data breach is detected.
More Information
- [#1] - Forget Firewalls - Enterprise Data is your New Perimeter - based on information obtained 2013-04-10