The world is increasingly connected. Whether we like it or not, the data that the world runs on is comprised of multiple kinds, from multiple sources, and often includes our own. We’re content, more often than not, that the organisations that process and hold onto our data are protecting it enough to keep malicious actors at bay. Organisations in various industries are equally happy that others provide the tools to do enough to keep the status quo. But what happens when this isn’t enough and the tools we currently place our faith in haven’t adapted to meet the changing threat landscape?
How do you go about protecting your infrastructure if your data isn’t protected itself? Think of it this way – consider a bank that offers safety deposit boxes within a secure vault. The bank’s building, with its security guards, surveillance cameras, and alarm systems, represents the network’s infrastructure security. Customers trust the bank to protect their valuables within the vault, much like organisations trust cybersecurity measures to protect their data.
However, the true challenge lies in protecting the contents of each safe deposit box — the data. The Data Centric Security (DCS) approach is akin to providing each safe deposit box with a unique key or combination known only to the box’s owner. Even if a thief breaches the bank’s outer security and enters the vault, the contents of the safe deposit boxes remain secure, protected by their individual lock – Rendering the contents of the lock box worthless to the thief.
This is the challenge of today’s systems. They’re increasingly complex, and are often a patchwork of different solutions, protecting different parts of an organisation, but often not protecting what really needs protection – the data within.
Securing data across international collaborative environments is a key theme within military scientific research, one of which Dstl has been active for decades. By using an Information Based Security Architecture, based on Zero Trust Architecture, the data remains secure no matter who has access to the applications and systems.
The Exsel Group, an independent defence technology solutions company, recognised the potential this method could have within civilian domains and beyond and span out a new company, Tarian – meaning “shield” in Welsh/Gymraeg, to license this approach from Dstl. With a specialised focus on information and cyber security, they acknowledged the gap that many companies often miss in protecting their most valuable assets, data and information. They believe this provides an opportunity to complementing all the existing cybersecurity approaches with one that is novel: how do we protect and secure the actual data that runs through an organisation? After all, it’s that data that is important, and it’s that data that has a giant target on its figurative back.
With the express purpose of working alongside pre-existing infrastructure that protects other areas of the network, Tarian uses their DCS approach to address the need of data protection as a complementary tool to network protection. So, in order to increase the protection levels of data, Tarian looks to protect the data itself. It also doesn’t require an entire rip and replace of existing systems to do this!
Ploughshare is 100% owned by MOD and was established in 2005 to licence Government-owned intellectual property arising from R&D programmes into industry.
They are integral in licensing IP from Dstl-backed research and interlinking those spin-outs and licensee companies with the connecting networks of people they may need to know in their early-stage of the growth to provide benefit to not only the government, but ultimately – the taxpayer.
In this case, Tarian was able to licence the technology from Dstl, through Ploughshare to create a new product line, Bastion, to widen the reach of DCS to new sectors. They will also make it available at the departmental range or to Small and Medium Sized Enterprises. In the times we live in today, it isn’t only the large corporates or Government teams that are vulnerable to data breaches, nor do these threats always originate from the ‘outside’.
Moving forward, the future is full of possibilities for DCS. As a licensee to this technology, Tarian is well placed to identify and create markets for this technology, honing the approach through customer pilots. The organisation is taking their expertise in this domain, and shifting towards a more consultative model, known as Bastion. Bastion takes a holistic approach to exploring an organisation’s data infrastructure, and demonstrates how that organisation can better protect their data.
Tarian’s knowledge of how a Data-centric Security approach can help other industries is also ensuring it looks further than its original defence pedigree. Industries such as pharmaceuticals, legal, and financial services all have data that is sensitive, and organisations that don’t protect it run the risk of colossal fines should that data be compromised – whether internally or externally. The data tools that Tarian have are able to redact data on the fly to comply with governance and clearance requirements, it can also show the best way to protect the data itself in an organisation’s infrastructure.
The future for data security is bright, and a data centric security approach is an Occam’s razor for the questions that consumers, industries, and governments alike have when it comes to protecting the data that is held by and on behalf of them all.
© Ploughshare Innovations Ltd 2024. Registered in England and Wales No. 04401901