In today’s world, conventional cyber thinking remains largely focused on perimeter-centric security controls designed to govern how identities and endpoints utilize networks to access applications and data that organizations possess internally. Against this backdrop, a group of innovators and security thought leaders are exploring a new frontier and asking the question: shouldn’t there be a standard way to protect sensitive data regardless of where it resides or who it’s been shared with? It’s called “data-centric” security and it’s fundamentally different from “perimeter-centric” security models. Practicing it at scale requires a standard way to extend the value of “upstream” data governance (discovery, classification, tagging) into “downstream” collaborative workflows like email, file sharing, and SaaS apps.
In this episode of CyberWire-X, the CyberWire’s Rick Howard and Dave Bittner explore modern approaches for applying and enforcing policy and access controls to sensitive data which inevitably leaves your possession but still deserves just as much security as the data that you possess internally. Rick and Dave are joined by guests Bill Newhouse, Cybersecurity Engineer at National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE), and Dana Morris, Senior Vice President for Product and Engineering of our episode sponsor Virtru.