Firewalls and infrastructure-level cybersecurity tools have proven themselves unequal to contemporary cybercriminals—and to the demands of contemporary business. Data breaches occur at an alarming rate, and the traditional castle and moat tools won’t be enough to protect the sensitive data in your organization. Your adversaries will try to penetrate your infrastructure so they can gather and monetize your sensitive data. By shifting to a data-centric cyber defense you focus on what is important: identifying that sensitive data and surrounding it with rings of defense.

The central mandate in the data-centric approach is to maintain control over your sensitive data at all times. That involves an extensive process of, first, identifying where all of that data is and what system processes, applications and functions use it. Second, classify it by determining whether it involves business sensitive data, intellectual property, account level data, or customer info. By using the correct level of encryption and data protection tools for each type of information you create the first line of defense against the adversary.

Just as important is restricting access by using the proper authentication and access control tools and procedures as well as by monitoring access to these files. This simplifies tracking the movement of those assets, and real-time monitoring will readily identify suspicious behavior and unauthorized use.

A good data-centric approach will provide the core foundation for integrating additional layers of cyber defense, including network monitoring, endpoint, DLP, vulnerability identification and remediation, behavioral tools, and privileged access monitoring.