
The critical confluence of information governance and security breaches


At the data layer

The most effective way to implement security is in layers. Thus, prudent organizations will fortify role-based access security with measures that specifically target the data themselves. The case for such a layered methodology is almost beyond reproach. IBM indicates that approximately 4 percent of data in breaches since 2013 involved encrypted data; however, little more than 2 percent of data in data centers is actually encrypted. The best methods of protecting data—as opposed to access to the data—involve:

♦ Encryption—Encryption requires encoding data so that the meaning is indecipherable to those who do not have the requisite decoding key. However, the way encryption is implemented is immensely important, particularly when relying on the encryption of popular third-party cloud providers that offer this mechanism as a means of providing security. “If you store your data in AWS, that may well give you a placebo sense of security,” Chang says. “But if you misconfigure AWS or lose your credential, you’ve got a security breach on your hands.” A more secure means of leveraging encryption in the cloud requires encrypting data prior to sending it to the cloud, in which case the organization—and not a third party—has the keys.

♦ Masking—Masking is similar to encryption yet has a couple of noteworthy distinctions. Encryption is two-way, meaning that what is encrypted can be decrypted with the keys. Masking is one-way: it cannot be undone and involves changing information to a non-valid form that appears somewhat similar to the original data. Masking data requires organizations to identify the source data via the masked form, which can increase the overall complexity.

♦ Tokenization—Tokenization enables organizations to replace data with identifying symbols that serve multiple purposes. Those symbols can function as a means of reconfiguring data for security. Moreover, tokens can be used in lieu of data, which is particularly valuable with cloud deployments in which there are strict regulations about where data actually reside.

♦ Triple-attribute security—That approach increases data security by imbuing semantic facts known as triples with any number of arbitrary key-value pairs as a means of augmenting role-based security filters—which are provided by those same triples. The arbitrary nature of those key-value attributes is of immense benefit and can encompass security clearance levels, expiration dates, trust factors and any other relevant factors. That method delivers both role-based access and data-level security. “There’s two mechanisms here; combined they can be used to create incredibly powerful security models,” says Jans Aasman, CEO of Franz. “They’re embedded in the storage layer so you can’t cheat to get the data.”
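
The triple-attribute model described above, sketched as an added example (it is not from the article and is not Franz's product API): each triple carries arbitrary key-value attributes, and the store applies the filter inside its only read path. The class and function names, the attribute names, the clearance ordering and the sample data are all constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

# Constructed clearance ordering; real deployments define their own labels.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}


@dataclass
class Triple:
    subject: str
    predicate: str
    obj: str
    attrs: dict = field(default_factory=dict)  # arbitrary key-value pairs


class AttributeStore:
    """Toy triple store: the attribute filter runs inside every read."""

    def __init__(self):
        self._triples = []

    def add(self, s, p, o, **attrs):
        self._triples.append(Triple(s, p, o, attrs))

    def _visible(self, t, user, today):
        # Unknown label on a triple ranks above every level, so it fails closed.
        need = LEVELS.get(t.attrs.get("clearance", "public"), len(LEVELS))
        have = LEVELS.get(user.get("clearance"), 0)  # missing/unknown = public
        if need > have:
            return False
        if "expires" in t.attrs and today > t.attrs["expires"]:
            return False  # fact is past its expiration date
        dept = t.attrs.get("department")
        return dept is None or dept in user.get("departments", ())

    def query(self, user, today, subject=None):
        # The only public read method, and it always applies the filter.
        return [(t.subject, t.predicate, t.obj) for t in self._triples
                if subject in (None, t.subject) and self._visible(t, user, today)]


def build_sample_store():
    """Constructed sample data, not taken from the article."""
    store = AttributeStore()
    store.add("patient:17", "hasName", "A. Example")
    store.add("patient:17", "hasDiagnosis", "asthma",
              clearance="confidential", department="clinical")
    store.add("patient:17", "hasTrialCode", "T-0042",
              clearance="secret", expires=date(2024, 1, 31))
    return store
```

Two users issuing the same query get different result sets, and a triple tagged with a label the store does not recognise is hidden from everyone rather than exposed.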
