Taking a Data Centric Audit and Protection (DCAP) Approach Avoids the Weaknesses of a Siloed Data Security Strategy

Data Centric Audit and Protection (DCAP) is a term defined by Gartner back in 2017 in response to the weaknesses of the Data Security Governance practices at the time. At that time, data protection strategies focused on the security of the application, or storage system that contained the data. This focus led to a variety of technology-specific security tools which tended to be owned and managed by different teams within IT. This siloed approach to data security worked well as long as the data stayed in that system but failed to provide any protection when the data, or copies of the data were exported or copied into other unstructured applications and cloud storage systems. A change was needed, and the guidance was to take a Data Centric approach to protect access to the data no matter where it was stored, or where it moved to.

STEALTHbits has embraced this strategy and has evolved our products and features to help our customers implement a comprehensive DCAP security focus.

Data Discovery

Stealthbits can discover and classify data from the largest number of data sources in the market. From structured data repositories like major business applications and databases to semi-structured repositories like business productivity software to unstructured data sources like file shares and cloud storage services, Stealthbits can discover and classify more types of business data than any other vendor. With this capability comes the ability to recognized sensitive data types that may deserve additional protection and control. Once you understanding where the data is located and whether it’s sensitive or not, you then need to understand who is accessing the data.

Data Activity Monitoring

Once Stealthbits has located and classified your business data across all of your applications and storage, it can then provide detailed access and activity monitoring so you know who is using the data. Along with activity, Sstealthbits gathers details about how users have been granted access and can quickly identify unsafe “open access” conditions that could lead to sensitive data getting into the wrong hands. Another benefit of this access monitoring is that you can see if anyone is even using the data that is available. After all, why manage data that no one is using? This provides a great opportunity to archive off any unused data, thereby reducing the management overhead.

Once the types of data have been identified, and user access is understood, you can then start to make some decisions about restricting access to reduce risk and secure sensitive information.

Data Governance

The DCAP approach encourages IT teams to focus on the data, not on the underlying technology. IT is responsible for the installation, configuration, and management of business applications, but who really understands the value and sensitivity of the data? The data owners, the people that created it and their managers in the lines of business. They are the ones who know if data is still relevant and needed by their teams. Stealthbits enables IT to let the business owners decide who should have access. With automated periodic access and entitlement reviews, IT can get out of the middle and let the business leaders make decisions about what to keep and who should have access.

Embracing a DCAP approach requires shifting the focus away from a siloed security stance to a more business informed focus data access. For more information on how Stealthbits can provide the tools necessary to achieve a DCAP focus, visit our website at www.stealthbits.com.