|
Data-centric security is an approach to security that emphasizes the security of the data itself rather than the security of networks, servers, or applications. Data-centric security is evolving rapidly as enterprises increasingly rely on digital information to run their business and big data projects become mainstream.〔 (【引用サイトリンク】 title =Gartner Says Big Data Needs a Data-Centric Security Focus )〕 〔(【引用サイトリンク】 Data-Centric Security Needed to Protect Big Data Implementations )〕 Data-centric security also allows organizations to overcome the disconnect between IT security technology and the objectives of business strategy by relating security services directly to the data they implicitly protect; a relationship that is often obscured by the presentation of security as an end in itself.〔 (【引用サイトリンク】 Elevating the Discussion on Security Management: The Data Centric Paradigm )〕 == Key Concepts == Common processes in a data-centric security model include:〔(【引用サイトリンク】 Information-Centric Security: Protect Your Data From the Inside-Out )〕 - Discover: the ability to inspect data storage areas at rest to detect sensitive information. - Manage: the ability to define access policies that will determine if certain data is accessible, editable, or blocked from specific users, or locations. - Protect: the ability to defend against data loss or unauthorized use of data and prevent sensitive data from being sent to unauthorized users or locations. - Track: the constant monitoring of data usage to identify meaningful deviations from normal behavior that would point to possible malicious intent. From a technical point of view, information(data)-centric security relies on the implementation of the following:〔 〕 - Information (data) that is self-describing and defending. - Policies and controls that account for business context. - Information that remains protected as it moves in and out of applications and storage systems, and changing business context. - Policies that work consistently through the different defensive layers and technologies implemented. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Data-centric security」の詳細全文を読む スポンサード リンク
|