Help Us Define The Data Security Market In 2015!

Stephanie Balaouras

To help security pros plan their next decade of investments in data security, last year John Kindervag, Heidi Shey, and I researched and assessed 20 of the key technologies in this market using Forrester's TechRadar methodology. The resulting report, TechRadar™: Data Security, Q2 2014, became one of the team’s most-read research reports of the year. However, it’s been a year since we finalized and published our research, and it’s time for a fresh look.

One can argue that the entirety of the information security market - its solutions, services, and the profession itself - focuses on the security of data. While this is true, there are solutions that focus on securing the data itself or securing access to the data itself - regardless of where data is stored or transmitted or the user population that wants to use it. As S&R pros continue to pursue a shift from a perimeter and device-specific security approach to a more data- and identity-centric security approach, it’s worthwhile to hyperfocus on the technology solutions that allow you to do just that....

Last year, we included the following 20 technologies in our research:

  • Archiving
  • Backup encryption
  • Cloud encryption gateways
  • Data classification
  • Data discovery
  • Data loss prevention (DLP)
  • Database encryption and masking
  • Database monitoring and auditing
  • Email encryption
  • Enterprise key management
  • Enterprise rights management
  • File-level encryption
  • Full-disk encryption
  • Identity and access management 
  • Managed file transfer

Framing The Discussion On Cloud Visibility And Encryption

Michael Yamnitsky

According to recent Business Technographics data, half of US enterprise technology management professionals report that 1) there is no way to gain a single view of status and availability across their portfolio of cloud services, 2) they don’t have a clear way to assess the risk of using a third-party public as-a-service offering, and/or 3) they have no way to manage how providers handle their data.

An interesting debate is ensuing regarding how to best protect cloud data, given the market landscape. So far two modalities are emerging: 

A. Inserting in-line encryption between the enterprise and the SaaS provider that encrypts and/or tokenizes all data before it goes to the cloud to ensure safety interoperating within public cloud systems.

B. The human-firewall model, in which IT closely monitors activity with context/content analytics and anomaly detection tools.

The truth lies somewhere between the two. By carefully applying Forrester’s data security and control framework, clients should incrementally encrypt data deemed sensitive to compliance or regulation, such as credit card and Social Security numbers, and closely monitor all activity across users and cloud applications. 


WikiLeaks And Stratfor Make The Case For More Data Encryption

John Kindervag

Yesterday, WikiLeaks released emails taken in the highly publicized Stratfor data breach. While many of the emails are innocuous, such as accusations regarding a stolen lunch from the company refrigerator, others are potentially highly embarrassing to both Stratfor and their corporate clients. The emails reveal some messy corporate spycraft that is usually seen in the movies and rarely is illumined in real life. For example, one email suggests that Stratfor is working on behalf of Coca-Cola to uncover information to determine if PETA was planning on disrupting the 2010 Vancouver Olympic Games.

While Stratfor’s response suggests that some of the emails may have been tampered with, this is not the point. As the soon-to-be infamous “Lunch Theft” email shows, that might be merely what the email calls Fred's rule # 2: “Admit nothing, deny everything and make counter-accusations.”
