Infosec 2013: 'Security must home in on data - not its surroundings'

Unlike many trade shows in the tech world which turn into a simple battle of products, Infosecurity Europe brings together a battle of theories and philosophies too, as industry experts preach what they believe is the key to keeping organisations safe in the cyber sphere.

A common theme in modern security discourse is the increasing need to go beyond simple perimeter defences and focus on protecting the very data itself, and that was something Voltage Security’s Dave Anderson said was at the core of strong security policies in the enterprise.

“It always comes back to the data centric approach as supposed to trying to build these segmenting walls and imposing different filters across a machine. We haven’t seen that work very effectively,” Anderson, the senior director of marketing at Voltage, told ITProPortal.

It is widely assumed that security breaches are somewhat inevitable within businesses, but protecting sensitive data directly can cover the backs of an organisation even if its information is leaked.

Anderson gave the example of an email he was mistakenly sent from a health company that revealed important financial details he had no authorisation to see. But if the data on the email had been encrypted or protected in another way, the damage of the email ending up in the wrong hands would be drastically minimised.

“With a data centric approach you can encrypt, tokenise or mask individual data fields based on whatever policies you want across those machines,” he said.

The issue becomes even more pertinent for organisations as the UK braces itself for widespread use of 4G connectivity – likely to spark an upsurge in mobile access to work data, and enhancing the need for insurance policies if sensitive information is not handled carefully by employees.

BYOD-based approaches will become a staple feature of the enterprise, says Anderson, and with the 4G boom set intensify the proliferation of such policies, he advises companies to plan ahead with regard to securing their mobile strategies.

“This is definitely something businesses have to start taking a look at right now, it’s just going to become more and more prevalent. Companies trying to say, ‘we’re not going to allow BYOD’ are going to find it really, really challenging… It’s an inevitability.”

But Anderson did argue that in terms of mentality, the UK was well equipped to deal with new security challenges with data protection – perhaps even more so than his native US.

“The market over here tends to be a little behind the US market, but companies I interface with over here have a much broader and much more mature way of thinking about data protection. There’s also much more of a usability discussion that goes on over here. Companies aren’t just thinking about building bigger walls around their data, they’re thinking about how they can actually use and the data – making sure the technology usable and flexible.

“From being a little bit behind in terms of market deployments, they learn from mistakes and challenges faced by other companies.”