twixx - Fotolia

Problem solve Get help with specific problems with your technologies, process and projects.

Why data protection shifted from the network to content-based security

Information security used to focus on securing a company's network. But cloud computing and mobility have blown traditional models wide open.

Information security used to focus on securing a company’s network -- protecting the perimeter of a company's four walls. But cloud computing and mobility have blown traditional models of security wide open. How can companies adjust by employing content-based security, or asset-based security?

The idea is to control the content. It doesn't matter if somebody can get past your other defenses, if you can control access to that content, you have control of your intellectual property.

Several companies have been trying to attack this problem. What does it mean? It means controlling things like who can edit, who can share (copying and pasting), and being able to expire documents; so, you can say that you can look at it for this period of time, but after that period of time is over the document is no longer accessible. Or you can just shut down immediate access to documents, say 'This document is no longer accessible,' and it's like it doesn't exist. If you click the link to the document, nothing happens.

Back in the day, there was this idea of document rights management, and it was a bit kludgy. But today, with the cloud, you can set up content-level security and you can basically control every aspect of how people use that content.

To give you a couple of examples, MobileIron just released a content security service that gives control of content at that kind of granular level but across a number of services. Right now it's like Box and Dropbox, I think, but over time they plan to layer on other services and layer on APIs to more obscure services.

If you know that people are using a service, rather than try to control what they can and can't do, you control the content wherever it goes and it's a pretty smart approach, I think.

Next Steps

Report reveals enterprise social media threats may be growing

Taking a content-based approach to security

Weaknessess that leave organizations vulnerable to an attack

Dig Deeper on Information governance management

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

It comes down to being aware of and focused on your data - no matter where it is housed or accessed. Know the systems, know the users, know the value of that data, and have a disaster recovery plan in place...beyond your regular security plan to keep this data accessible and safe.
This is a backward move in terms of technology because there are some assets of organizations that cannot be protected using contented - based security.
It makes sense. What is it you're trying to protect, after all? It's not the device itself, it's the stuff on the device. It seems that such a method also makes it easier to ensure that protection is maintained across devices, which is increasingly important in IaaS applications.
Good insight, Ron. I agree, before modern technology network security was the main focus and now that is shifting because employees can access business-critical information from anywhere on any device. Securing the actual piece of content or data is the most important step in protecting valuable company and customer information. Our industry has made great advances to protect content and I can’t wait to see what the future holds. In my opinion, I can see the use of biometric passwords to give employees access, editing and sharing rights to confidential information. – Andy Jones, Xerox, @AndyJonesXerox