Data-centric security

Data-centric security is an approach to security that emphasizes the security of the data rather than the security of networks, servers, or applications. Data-centric security is Evolving Rapidly as companies increasingly Rely on digital information to Run Their Business and Big Data projects Become mainstream. [1] [2] [3] Data-centric security also enables organizations to overcome the problem of security and the protection of the environment. a relationship that is often obscured by the presentation of security as an end in itself. [4]

Key concepts

Common processes in a data-centric security model include: [5]

  • Discover: the ability to know what data is stored.
  • Manage: the ability to define accesses that will determine if certain data is accessible, editable, or blocked from specific users, or locations.
  • Protect: the ability to defend against data loss or unauthorized users of data.
  • Monitor: the constant monitoring of data.

From a technical point of view, information (data) -centric security related to the implementation of the following: [6]

  • Information (data) that is self-describing and defending.
  • Policies and controls that account for business context.
  • Information that remains protected as it moves in and out of applications and storage systems, and changes business context.
  • Policies that work consistently with the different data management technologies and defensive layers implemented.


Data access controls and policies

Data access control is the selective restriction of access to data. Accessing may mean viewing, editing, or using. Where it resides, where it resides, how important it is, who it is important to, how sensitive is the data. [7]


Main article: Encryption

Encryption is a data-centric technique to address the risk of data in smartphones, laptops, desktops and even servers, including the cloud. One limitation is that encryption becomes useless once a network intrusion has occurred and cybercriminals operate with stolen valid user credentials. [8]

Data masking

Main article: Data masking

Data Masking is the process of data protection and is designed to ensure that the data is kept to a minimum. This may include masking the data from users, developers, third party vendors, and so on. Data masking can be performed in multiple ways: by duplicating data to eliminate the need to be hidden, or by obscuring the data. [9]


Main article: Security audit

Monitoring is a key component of a data-centric security strategy. It provides visibility into the types of actions that users and tools have requested. Continuous monitoring at the data layer can be significantly increased with the accuracy of the detection of data. A 2016 survey [10] shows that most organizations still do not assess database activities and the ability to identify databases in a timely fashion.

Cloud computing

Cloud computing is an evolving paradigm with tremendous momentum, but its unique aspects exacerbate security and privacy challenges. It should be flexible enough to capture dynamic, context, or attribute-based access requirements and data protection. [11]

Data-centric security in the cloud environment

In recent decades Many organisms Rely on managing database in public cloud services Such Amazon_Web_Services gold Microsoft_Azure to Their organizes data. Such approach has its own limitations on what users can do with managing security of their sensitive data. For instance, hardware security appliances or agents running on the database are no longer an option. This is an innovative way to secure data and databases by using reverse proxy siting between clients / applications and database servers. The requirements of this type of support are as follows: [12]

See also

  • Data masking
  • Data security
  • Defense in depth (computing)
  • Information security
  • Information security policies


  1. Jump up^ Gartner Group (2014). “Gartner Says Big Data Needs to Data-Centric Security Focus” .
  2. Jump up^ SANS Institute (2015). Data-Centric Security Needed to Protect Big Data Implementations .
  3. Jump up^ IRI (2017). “Masking Big Data in Hadoop and Very Large Databases” .
  4. Jump up^ IEEE (2007). “Elevating the Discussion on Security Management: The Data Centric Paradigm” .
  5. Jump up^ Wired Magazine (2014). “Information-Centric Security: Protect Your Data From the Inside-Out” .
  6. Jump up^ Mogull, Rich (2014). “The Information-Centric Security Lifecycle” (PDF) .
  7. Jump up^ Federal News Radio (2015). “NASA Glenn becoming more data-centric across many fronts” .
  8. Jump up^ MIT Technology Review (2015). “Encryption Would not Have Stopped Anthems Data Breach” .
  9. Jump up^ IRI (2017). “Dynamic Data Masking Software” .
  10. Jump up^ Dark Reading (2016). “Databases Remain Soft Underbelly Of Cybersecurity” .
  11. Jump up^ IEEE (2010). “Security and Privacy Challenges in Cloud Computing Environments” (PDF) .
  12. Jump up^ DataSunrise (2017). “Data-centric database security in the public clouds”.