Intelligent CIO Europe Issue 4 - Page 38

EDITOR’S QUESTION access management (PAM) solutions can control the user’s access but cannot control the file system and access tasks executed by processes, nor perform data discovery within files. File system and process solutions (DCAP) can provide segmentation and encryption to files and directories dynamically but cannot control the actual user being authenticated in the first place. This is true for File Integrity Management (FIM) solutions as well. Authentication is all or nothing. As stand-alone solutions, both components effectively manage a portion of the access model but only when combined, or used together, do they completely protect the entire stack from malicious access. The solution to protecting online data utilises both Privileged Access Management (PAM) technology and Data Centric Access Policy (DCAP) strategically to block threats vertically along the traditional computing model. This includes managing privileges with a PAM solution and controlling the file systems, data contents and encryption with a DCAP technology. This satisfies all the use cases from the cloud, to on-premise implementations for securing data online. Therefore, complimentary security solutions are becoming the methodology of choice to protect online data, since one discipline alone cannot satisfy all of the use cases effectively and threats from a potential attacker or insider threat need a blended approach in order to be effective.