Data-centric security definition

Data-centric security

(also data-focused security, data-driven security)

Data-centric security focuses on securing the data itself rather than the network or system it resides in. This approach embeds security controls directly into the data, protecting it no matter where it is stored or how it is shared. The intent of data-centric security is to safeguard the data at its most granular level, for example, by encrypting it or implementing other control mechanisms.

Data-centric security examples

Data encryption: Encrypting data at rest and in transit is a crucial aspect of data-centric security, making it unreadable without the correct decryption key.
Data masking: This technique replaces sensitive data with fictitious yet realistic data, preserving privacy while allowing functionality.
Data tokenization: Tokenization substitutes sensitive data with unique identification symbols retaining all the essential information without compromising its security.

Advantages and disadvantages of data-centric security

Pros:

Consistent protection: Since the security is embedded in the data, it remains protected even when it moves across different systems and networks.
Better compliance: Data-centric security is instrumental in meeting regulatory requirements around data protection.

Cons:

Complex implementation: Establishing a data-centric security architecture can be challenging and may require significant resources.
Potential performance impact: Certain techniques, such as encryption, could potentially impact system performance.

Using data-centric security

Understand your data: Before implementing a data-centric approach, it’s essential to know what data you have and where it resides.
Combine with other security measures: Data-centric security should be a part of a layered security strategy, including network and system protections.