The expanding security vocabulary: data management
Blogger: Trent Henry
Burton Group's newest coverage area--Data Management Strategies--stretched its wings for the first time at Catalyst today.
Research Director Peter O'Kelly gave the kickoff keynote, and a number of phrases caught my ear:
- E-discovery
- Compliance
- Disclosure
Wait, aren't these security topics?
Not just, it turns out (and, frankly, I already knew that, but it was a good reminder). Part of information-centric security involves recalling that there are people in IT who work closely with data: slicing, dicing, modeling, warehousing, indexing, etc. We need to be talking with them.
More significantly, we have additional vocabulary to become conversant with (and technologies/techniques to understand) so we can have a meaningful protection discussion:
- XQuery and the rise of XML data types
- Granular relational databases and widespread replication
- Use and management of metadata
- Data modeling
It's unlikely that all (or any) of this is new to a seasoned security professional, but we need to dive more deeply to understand how these things affect security policy and infrastructure. In short, how do they impact confidentiality, integrity, availability, use-control, and accountability of information?
By the way, my favorite quote so far: "skimping on [data] modeling is like choosing a discount parachute" (from Analyst Joe Maguire).

