Data Centric Security

Protecting, understanding and using data.

Data Centric Security (DCS) is a method for protecting and sharing information by focusing on securing the data itself rather than relying only on perimeter or network security methods. Data is the primary target of cyber attacks, so it is important to implement controls that safeguard the data directly.

Legacy applications, services and tooling constrain the implementation of DCS through the use of roles and privileges. Zero Trust security is based on DCS security focused on service access management.

Zero Trust Security and DCS

Zero Trust (ZT) is a security model based on the principle of maintaining strict access controls and not trusting anyone. This minimal access approach applies to the complete network perimeter, inside and outside.

While ZT focuses on securing access to resources and preventing unauthorized lateral movement within the network, DCS focuses on the data itself, ensuring that it remains protected regardless of where it resides or how it is accessed.

Information Exchange Framework RA - IEF-RA

The Information Exchange Framework (IEF) is a structured DCS approach, or set of standards, for facilitating the exchange of information between different systems, applications, or organizations. It provides guidelines, protocols, and formats to ensure that data can be shared securely, efficiently, and reliably. See: IEF-RA V1.0

The Information Exchange Framework uses various technologies and standards, such as web services, messaging protocols, data formats, and security mechanisms. It plays a crucial role in enabling data sharing and collaboration among organizations, enabling them to leverage each other's resources and capabilities more effectively.

The Information Exchange Framework (IEF) is an OMG initiative to develop a family of specifications for policy-driven, data-centric information sharing and safeguarding (ISS) services. These services target the automation of key policy decisions and enforcement points to enable responsible information sharing across a wide range of operational scenarios. The IEF Reference Architecture (RA) guides the overall IEF effort, broadens the general understanding of ISS and Data-Centric Security (DCS) domain requirements and guides the development of IEF implementation specifications.

DCS is constrained by legacy systems and infrastructure.

Information technology's legacy is information gathering or collection, not sharing. The need for information sharing is relatively new since networks have expanded beyond domain boundaries.

Architecture, protocols and legacy systems were not designed to label data, assign semantic operations and use policies to manage data. The acceptance and implementation of DCS is limited by a number of additional factors such as complexity, data proliferation, resistance to change, regulatory compliance of data sharing, interoperability standards and cost.

Perhaps it is time to rethink the role of "information" in technology and systems.

Data States and Life Cycle.

There are three main data states:

In an ideal DCS implementation, DCS processes apply to each of these data states or stages along with data transport. Data transport is a significant challenge where cryptology and hashes are not enough to ensure secure transport.

Data custody and attestation must be maintained throughout all data states and the data life cycle.

No Trust Security, Information Exchange Framework and Secure Relationships

Zero Trust secures traditional network infrastructure. IEF secures, tags and shares data. SRPNetOS secures data transport and extends IT operations onto the network.

This hybrid architecture secures legacy architectures, implements a DCS overlay for existing data and secures the transport of data using SRPNetOS. SRP supports enterprise resource (ER) to ER operations built upon DCS, thereby supporting the creation, storage and use of data.

This approach helps capture the power of metadata while restricting the malicious use of metadata.

Effective DCS is tied to policy, including policy development, implementation and use. To learn more, please review the "Policy Driven" information referred to in the menu.
