Data security solutions

'Take an information-centric view of security' On one side digitization of information is providing quicker access and easy sharing using the information technology (IT) platform, while on the other side, it further demands great control and management of information. Today, the rising incidents of unauthorized information access, data thefts or ineffectiveness of security mechanisms to protect information has raised major concerns among enterprises and organizations. Seclore Technologies' CEO, Vishal Gupta talks to Pankaj Maru of Cyber Media News about information digitization and its changing dimensions, evolving information threats or risks, information security mechanism in the recessionary times and much more. Excerpts: Digitization of information or data has completely changed the information dimensions and also the way it is used and managed today. Do you think the information digitization has brought in an entirely different perspective on information's risk, its security and management, particularly at the enterprise level? Absolutely. The methods to contain information risks before and after digitization are completely different. Before digitization, physical access control to information was the only method of its security. Examples of such are large document vaults which still exist in some pharmaceutical companies and law firms. With digitization and the collaboration that it brings, access control methods are rendered ineffective since replication and transmission of information is easy. Consequently, any system which restricts access, replication or transmission quickly becomes ineffective due to new methods coming for the same purpose. There is no option but to take an information-centric view of security and ensure that security is built into the information itself instead of the infrastructure around it. Which are the evolving threats or risks about information? And how can it be managed using IT? Risks of information breaches are continuously evolving like a 'cops-and-robbers' game, i.e. you mitigate one risk and another one springs up. Also the solutions to problems typically become the problem themselves after a while. Amongst the largest threats today are risks associated with "internal employee or partner" data breach (Blog reference) as well as risks associated with the rapidly vanishing "enterprise perimeter". Most security systems today, like firewalls, UTMs etc, do not take care of "internal" resources being the cause of an information breach. The only way to mitigate such risks is to have an "information-centric" policy for usage, i.e. define and implement a policy for information usage which is dependent on the "as-of-now" relationship between the owner of information and its user.