Amrit Williams and Adrian Lane, Security Strategist at IT security consultancy Securosis  www.securosis.com) discuss the implications of taking a data protection-focused approach to IT security. In particular, the rise of technologies such as virtualization, software as a service (SaaS), cloud computing, mobile computing and the Internet itself mean that data is moving around like never before, rendering physical asset-focused approaches to security increasingly obsolete. While mature technologies, such as encryption, Network Access Control, intrusion prevention, conventional anti-malware defense exist for protecting data at rest, securing data in motion is a rapidly evolving field. Information-centric security, defined as maintaining data availability and integrity against external and internal threats requires new thinking not only about how to protect data, but the fundamental questions of just what is data security, exactly?

Episode 8 MP3