Nov 19, 2020
All links and images for this episode can be found on CISO
Where is your data? Who's accessing it? You may know if you have
an identity access management solution, but what happens when that
data leaves your control. What do you do then?
Check out this
post for the basis for our conversation on this week’s
episode which features me, David
producer of CISO Series, co-host Allan
Alford (@allanalfordintx), and our
sponsored guest is Elliot
CEO, Keyavi Data.
Thanks to this week's podcast sponsor, Keyavi
Our Keyavi breaks new ground by making data itself
intelligent and self-aware, so that it stays under its owner’s
control and protects itself immediately, no matter where it is or
who is attempting access. Keyavi is led by a team of renowned data
security, encryption, and cyber forensics experts. See for yourself
On this episode of Defense in Depth, you’ll learn:
- In general, all of security is based on detecting threats and
stopping threats. When those two fail, and they do, what's your
recourse to protect your data?
- What if when your data leaves your control either accidentally
or through a malicious breach, you were still able to see your data
wherever it went and your data could communicate back to you its
status, allowing you to control access to your data?
- There are so many scenarios when data leaves you, it's
impossible to protect for all scenarios.
- Asset inventory is first step in the CIS 20. Just trying to get
an asset inventory of equipment is difficult. An inventory of data
is near impossible especially when you may be pumping out a
terabyte of data a day.
- Ideal situation is to protect data proactively, as it's being
- The ultimate goal is to have visibility of your data in
perpetuity, for the life of the data, and you can decide when to
destroy it even when it's no longer within the confines of your
greater network and ecosystem.
- Governing your network, your applications, the rules, and the
data is half the battle.
- Data visibility also allows you to make informed decisions as a
business and can provide the answers your legal team will need in
case there's a breach.
- You want the data protection and visibility schema to be
platform and ecosystem independent. If data is taken out of the
ecosystem, then the protection and visibility is moot.
- A good precursor to this is digital rights management or DRM.
They have figured out how to manage data from being copied and
manipulated and they can place controls on it. The limiting factor
though is it's platform dependent.