General Security Strategy
Protect the data instead of chasing the endless perimeter and endpoints
Focus on the Data
In a world where users are both inside and outside the firewall and VPN access is prevalent, protecting the perimeter and the endpoints is almost impossible. Data-Centric Security focuses on protecting the actual data.
In Data-Centric Security, protection is built-in rings from the database outwards through the application and IT infrastructure towards the end-users. When the data is protected, internal threats, external threats, and social engineering are all handled by the same strategy.
Production & Non-Production
Production and Non-production security are fundamentally different
Production Security revolves around the activity in the system. It is generally comprised of three core components: control over the environment, restricting access, and visibility into the activity. The three are not equal as the last is the most beneficial but also the most difficult to achieve.
Non-Production Security revolves around the data. The guiding principle is that once sensitive data is removed from these systems, the security requirements are significantly reduced. However, masking the data must not compromise data validity, data integrity, or reduce the quality of the test.