Data that is stored is usually thought of as data-at-rest. It is typically protected by operating system access controls designed to permit access only to those users intended and approved to access the data. Diana Kelley, of SecurityCurve, explains that the myth of the “trusted insider” assumed that internal users could always be trusted.
According to Kelley, while this model was a bit dubious even in the 90s, it is clearly no longer viable in the current reality of de-perimeterization. De-perimeterization refers to the fact that single gateway perimeters do not adequately protect data that is shared and transmitted by an organization in today’s IT architecture.
Data in motion is data that is moving across the network. Such data is typically very vulnerable before it leaves and is vulnerable when it arrives. Destination systems run different operating systems with different access controls and do not have the same protection for the data as the originating system.
Kelley states that placing security into applications emerged as an interim model when the perimeters began breaking down, but it does not adequately address the total data security problem. She concludes that there is no simple “inside” and “outside” – there are, in fact, many complex zones.
Recent research published by IDC claims that only two-thirds of EMEA manufacturers are confident that their data is protected from external and internal attacks. And, of the security threats faced by manufacturers, the greatest is employee error or accidental loss of sensitive information.
This blog entry is the second in a five-part series about data security trends of the past decade. Stay tuned for "Part 3: Security Approaches, A Major Shift in Trends".