The driver or drivers for data-centric security
At the standards meeting that I sat through yesterday there was an interesting discussion about the future of data-centric security. That's roughly where you protect your sensitive dat a by encrypting it innstead of trying to secure the perimiter of the networks where it lives.
In this discussion, there were supporters for all three big drivers for data-centric architecture: mobile devices, cloud computing and offshoring, but the discussion got a bit contentious after the big three uses were mentioned. This seemed to be driven by commercial concerns rather than by anything else.
The vendors interested in mobile devices were sure that mobile devices were going to be the big driver for the adoption of data-centric architectures.
Vendors more interested in cloud computing were sure that the cloud was going to be the big driver behind for the adoption of data-centric architectures.
And a consultant who seems to make a lot of money off of advising companies on how to do offshoring was sure that offshoring was going to be the big driver behind the adoption of data-centric architectures.
This discussion stayed relatively polite, but it really didn't look like the three factions ended up appreciating the point of view of the others at all. That's probably not good. They're all looking at the same goal, and they'll probably have to consider the others' points of view before they'll get data-centric security widely deployed, and it looked like this was going to end up more difficult than it needs to be because of the lack of appreciation of the other positions.