Data-centric information security model for bringYour- own-device environment
Information security in the enterprise is challenging and has been considered . a roadblock to enterprise innovation and adoption of concepts such as Bring- YourOwn- Device (BYOD). One of the primary reasons for this is the paradigm from which information security is being approached in today's ever evolving and agile businesses. Strict security requirements as an overlay to a perimeter-focused network and device-centric security models do not adequately secure enterprise data, failing the agile enterprise. This study utilized interviews and literature reviews in conducting a qualitative analysis of smartphone security vulnerabilities, threats and the limitations of devicecentric security models in managing information security risks in a Bring-YourOwn- Device Environment. A Data-centric security model is introduced in the context of a layered security approach for end-to-end security. The model introduces the data aspect of security and how to provide complete coverage of enterprise security focusing on the key steps of data security with the following key requirements; data classification, applications, roles, users and policies definition . A data-centric security model offers a middle ground for organizations adopting Bring-Your-awn-Device concept by ensuring information security without compromising employee privacy demands. The model implementation is risk based; allowing enterprises to secure their sensitive information while achieving the Security-Functionality-Ease of use equilibrium in a Bring-Your-awn-Device Environment. The ultimate goal is to protect the enterprise data beyond the perimeter and securely transfer sensitive data in an agile enterprise. The model outcome focuses on data security process achieved through data encryption, audit, digital rights management, secure file transfer and policy enforcement.