The cybersecurity market has matured and evolved rapidly over the last few years, and many organizations are struggling to keep pace. A combination of tighter compliance regulations cantered around customer data, the deluge of cyber-attacks making mainstream news and the heightened public awareness of data privacy rights is making it hard for organizations to ignore data security.
In fact, all organizations (from SMB to Enterprise) need to now be proactive in taking steps to ensure that their data is secure. More and more data are being created every day, and (in part thanks to GDPR) customers are starting to take an interest into how their data is being stored and processed. As if to pile on the pressure, the monetary value of data on the black market nowadays makes it a prime target for both insider and outsider attacks.
Solutions come in many shapes and sizes and claim to address different aspects of cybersecurity from ransomware to firewalls. But I believe that no cybersecurity strategy will ever be good enough if it does not put data at the center. After all, it’s the data that holds the value and needs to be protected.
The market for solutions that put data first is known as Data Centric Audit and Protection (DCAP). It is fairly new, but I believe that over the next few years we will see a massive surge in DCAP solutions looking to provide organizations with a means of securing their data.
What is Data-Centric Audit & Protection (DCAP)?
Simply put, as it says in the name, DCAP solutions put data at the heart of everything and work from the inside out. Articles across the internet will give you a bloated definition of DCAP and list many features that may end up sounding more like marketing buzzwords than anything else. If you want a full definition of DCAP, I’ve written one here. However, generally I think DCAP can be broken down into the following four “pillars”:
- Where is your sensitive data and why is it sensitive?
- Who has access to your sensitive data?
- What are your users doing with your data?
- Are there states and changes within your environment that pose a risk?
These are the four most important aspects of DCAP. Find yourself a way of answering those questions and you can relax the next time that auditor comes calling or an unauthorized change is made within your environment.
What to Look for in a DCAP Solution
If you were to look at the Gartner definition of DCAP, for example, you would notice they mention that no single vendor can offer all the solution required from the definition of DCAP. They recommend that you create an ecosystem of complimentary solutions to address the four pillars.
Whilst that may well be a good idea, most organizations simply don’t have the time or the budget to go shopping for more than one solution. Thankfully, despite the market being fairly young, there are a number of key DCAP solution providers popping up.
One such provider is Lepide, whose mission is to ensure that security starts with data. They have developed their Data-Centric Audit & Protection solution, LepideAuditor, to sit comfortably within the DCAP market and hit upon the four key pillars of data-centric security.
Using LepideAuditor, you will be able to identify where your sensitive data resides, why it is sensitive, which users have access rights to it, what changes are being made to it, and much more. For more information on how LepideAuditor will help you put data first, give us a call today.