Speaking in the opening keynote session of Day Two of the Spring Infosecurity Magazine Online Summit, Wendy Nather, head of advisory CISOs at Duo Security (Cisco), analyzed the chemistry of data, exploring data’s power (for good and bad), creating formulas for data security requirements and driving a data-centric security approach.
Nather outlined that, over the past 40 years, there have been vast changes in how data is stored, accessed and utilized, particularly with the growth of widely distributed, mobile computing and with consumers/enterprises both using the same hardware, software and services.
A consequence of that is that business data and personal data has become blurred, which Nather said, “greatly affects how we view data” and secure it.
Today, it is very difficult to tell the difference between business and personal data, and we are no longer able to only use traditional indicators to distinguish between different data sets. Nather listed such indicators as:
- When data was created
- What format it’s in
- Where it’s located
- Where it’s used and stored
- How it was created
Therefore, Nather continued, new indicators must also be considered to better understand and successfully secure modern data. Those indicators are: time, context changes, formulas and delivery methods.
Nather advised security professionals to work to know and better understand:
- What someone could do with data
- How time and events affect it
- When to prune data
- What business decisions change security and privacy requirements
“Data can be anything and anywhere, so think about context and content,” Nather concluded.