Concept of a Data-Centric Security Model

Data-Centric Security Model

Frequent data breaches have become an unfortunate reality over the last few years. Treating this kind of threat as a one-time issue is no longer possible, and existing security systems have to evolve in order to achieve better data protection results as a whole.

Data security is a topic of utmost importance for any company. With the ever-rising number of data breaches, investing more resources into creating a secure data protection system seems logical. However, the reality is more complicated than that.

Plenty of companies and organizations understand the need for data security as a whole. These companies often invest a lot of resources into creating a protective “perimeter” – a combination of various data protection measures meant to ensure that internal data is not affected by external threats. This approach is reasonably effective against various external cyber threats – malware, ransomware, hacking, etc. Unfortunately, not all threats to a company’s data are external.

Recognizing the Insider Threat


There is an entirely different category of security incidents and data breaches that has become increasingly widespread – the insider threat. This threat covers two significant use cases – accidental data mishandling and malicious data theft. The main problem is that legacy security systems are practically ineffective against insider threats. A system built to handle “outsider” threats cannot detect malicious activity inside the “security perimeter” because it was not designed with these kinds of threats in mind.

The rise of the insider threat has led a lot of companies to rethink their entire approach to data security. A completely new system is necessary to handle these kinds of threats, along with broader coverage for every security system (since practically everyone has at least a smartphone they can use to access sensitive data).

The Data-Centric Security Model (DCS) in Detail

Luckily, there is a solution to this problem – an entirely new approach to data security called the Data-Centric Security Model (DCS). The most significant difference between the data-centric model and the traditional one lies in the primary goal of each approach. Most legacy security solutions focus on protecting the data storage container, while data-centric security protects the data itself, no matter where it is located or what state it is in.

DCS is not an old methodology, but it has already earned plenty of recognition from the industry and from various multi-coalition organizations worldwide. DCS is the primary methodology for information security in NATO, with NATO STANAG 4774/4778 outlining standards for metadata marking and confidentiality labels. Another well-known organization that has recognized the importance of DCS is NIST, which created a dedicated paper on best practices for data-centric security management.

Real-World Examples


Illustrating the concept of data-centric security with real-world examples helps bridge the gap between theory and practical application. Consider a scenario where a prominent financial institution falls victim to a data breach despite having robust traditional security measures in place. In this instance, malicious insiders exploit their legitimate access to siphon sensitive customer data, highlighting the limitations of perimeter-focused security.

Another compelling example could involve a healthcare organization inadvertently exposing patient records due to accidental data mishandling by an employee. Such incidents emphasize the critical need for data-centric security models that safeguard information regardless of its location or the source of the threat. These real-world instances underscore the urgency for organizations across various sectors to adopt proactive data-centric security approaches in today’s dynamic threat landscape.

It is worth noting that DCS is not the most straightforward methodology to implement. It includes several strategies and elements that must be introduced in tandem with one another to get the best possible results. Some of these elements are well-known, while others are not particularly common.

Encryption is a well-known security element that plays a significant role in DCS. The primary purpose of encryption is to ensure that no one but the data recipient can read the data. This is the core of the DCS methodology, and using the most secure encryption methods for data at rest and in transit helps with data protection as a whole.

Key Elements of DCS Implementation

Zero trust access is a relatively new concept for this industry – a complete security framework that validates and authenticates every single user. Implementing zero trust access as a part of DCS makes it possible to perform multiple identity checks on every user. This makes impersonation and other related causes of data breaches much more difficult.

Attribute-based access control (ABAC) combines the advantages of data classification and tagging to create a comprehensive system that uses multiple parameters for identity verification. Practically every characteristic or attribute of the user or the data can be used as a potential validation measure, and the context of time and place is added to every event. ABAC is a very complex technology that can be difficult to set up, but the payoff is that it is also much more challenging to break into.
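The ABAC evaluation described above can be sketched as follows. This is an added example, not code from archTIS or any product: the classification labels, attribute names, permitted countries and hours are all constructed assumptions. The decision combines the label carried by the data, the user's attributes and the time-and-place context, and denies by default.

```python
from dataclasses import dataclass
from datetime import time

# Constructed policy values for illustration; a real deployment defines its own.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}
ALLOWED_COUNTRIES = {"AU", "GB"}
BUSINESS_HOURS = (time(7, 0), time(19, 0))

@dataclass(frozen=True)
class Subject:              # attributes of the user
    clearance: str
    department: str
    device_managed: bool

@dataclass(frozen=True)
class Resource:             # attributes (tags) carried by the data itself
    classification: str
    owner_department: str

@dataclass(frozen=True)
class Context:              # time and place of the access event
    local_time: time
    country: str

def decide(subject, resource, ctx):
    """Return (allowed, reasons). Default deny: every applicable rule must pass."""
    r_lvl = LEVELS.get(resource.classification)
    if r_lvl is None:
        # Data with a missing or unknown label is never released.
        return False, ["resource has no recognised classification label"]
    reasons = []
    if LEVELS.get(subject.clearance, -1) < r_lvl:
        reasons.append("clearance below data classification")
    if r_lvl >= LEVELS["confidential"]:
        # Sensitive data also requires matching user and context attributes.
        if subject.department != resource.owner_department:
            reasons.append("department mismatch")
        if not subject.device_managed:
            reasons.append("unmanaged device")
        if ctx.country not in ALLOWED_COUNTRIES:
            reasons.append("location not permitted")
        if not (BUSINESS_HOURS[0] <= ctx.local_time <= BUSINESS_HOURS[1]):
            reasons.append("outside permitted hours")
    return (not reasons), reasons
```

Returning the list of failed rules alongside the decision gives the audit trail a reason for every denial, which is what makes an insider with valid credentials but the wrong department or context visible.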

Other tactics and methods that play an essential part in DCS include data discovery, data protection in motion, data loss prevention, digital watermarking, and detailed data governance. Most of these represent so-called “layers” of security that can be added on top of the existing infrastructure, and combining them improves overall data security drastically.

ArchTIS Solutions for Enhanced Data Security


Implementing data-centric security can be a rather challenging task for both new and existing companies. The level of security it can offer is unprecedented, but setting it up correctly requires a lot of effort and resources. Luckily, a good data security solution can make this process a bit easier to handle.

Learn more about archTIS, which is one of the best companies in the field. It provides two solutions for this purpose – NC Protect and Kojensi. NC Protect is a feature-rich solution created to improve data security in various Microsoft 365 applications using dynamic attribute-based access control policies. Kojensi offers a highly secure and convenient data-sharing platform with multiple levels of security, explicitly created for the defense industry, the intelligence field, and government-level entities.