Page 22 - GCN, May 2016

Why agencies need agile, persistent security at the data-level.
GONE ARE THE DAYS when agency endpoints were confined to systems connected to a LAN in a brick building—easy to secure and manage. Endpoints now include virtual users, smartphones, tablets, external consultants and partner organizations. Information is pushed and pulled to devices internally and externally, increasing the risk of exposure and likelihood of theft. Security needs to become more agile, more persistent, more predictive, and more dynamic. To get there, cyberdefenses must move to within the perimeter, the hardware, and even the device. It must move down to the data level.
Policies Drive Change
Recognizing those issues, the Office of the President recently directed the Administration to implement the Cybersecurity National Action Plan (CNAP). This plan calls for all federal agencies to take a multi-layered data protection approach to better secure the government’s most sensitive data.
The Office of Management and Budget (OMB) agrees. OMB has been urging agencies to implement capabilities to “protect high value assets and sensitive information” within the next year. Those two policies point towards implementation of a multi-layered cybersecurity strategy that includes data-centric security.
What is Data-Centric Security?
Data-centric security targets and protects the data itself regardless of its location—inside or outside of the firewall and on any device. It adds another critical layer of fortification to existing security measures. Data-centric security encrypts the native file format itself. This helps ensure data remains more secure wherever it travels or is stored. The decryption server and keys often reside in a different location than the data, which further enhances protection. Only a device with the proper client technology and authentication controls can decrypt the file.
But encryption alone is not enough for data-centric security. It’s like padlocking your wallet and throwing it into the ocean. Your wallet is safe, but you have no idea where it has gone or what happened to the contents. When choosing a data-centric security solution, select one that combines security strength with persistent, dynamic control.
Persistent, Dynamic Control
Persistent, dynamic control has four key elements:
1. Ability to remotely push dynamic policy and access changes on the fly without having to revoke and renew access
2. Continuous auditing of location and events, inside and outside the firewall
3. Digital signatures to confirm the identity of each person who signed a document, confirming it hasn’t been altered in transit
4. Extension beyond LDAP authentication to support for a range of authorization sources
By adding persistent dynamic control to data-centric security, the agency is able to stay in contact with the data—pushing policy and access changes, receiving information about who’s accessing it, how it’s being used and how frequently, and helping to ensure authenticity and integrity. Employing this approach, your agency will be able to better manage your data wherever it goes in the world, predict internal and external threats, and respond with agility to changing operational needs.
Barry Leffew is the Vice President Public Sector, Adobe Systems Incorporated.
• Flexible Deployment: Is it available on-premises or in the cloud with FedRAMP authorization?
• Infrastructure Flexibility: Does it support a wide variety of infrastructures, operating systems and authentication providers?
• Custom Workflow Support: Does it support application development for custom workflows?
• Client-Side Support: Does it require a dedicated client to decrypt? Is that client available/authorized within your agency?
