Data-centric information security model for bring-your-own-device environment
Date
2014-06
Authors
Juma, Ibrahim
Publisher
Strathmore
Abstract
Information security in the enterprise is challenging and has been considered a
roadblock to enterprise innovation and adoption of concepts such as
Bring-Your-Own-Device (BYOD). One of the primary reasons for this is the paradigm from
which information security is being approached in today's ever-evolving and agile
businesses. Strict security requirements as an overlay to a perimeter-focused network
and device-centric security models do not adequately secure enterprise data, failing
the agile enterprise.
This study utilized interviews and literature reviews in conducting a qualitative
analysis of smartphone security vulnerabilities, threats and the limitations of
device-centric security models in managing information security risks in a
Bring-Your-Own-Device environment. A data-centric security model is introduced in the
context of a layered security approach for end-to-end security. The model introduces
the data aspect of security and how to provide complete coverage of enterprise
security focusing on the key steps of data security with the following key
requirements: data classification, applications, roles, users and policies definition.
A data-centric security model offers a middle ground for organizations adopting
the Bring-Your-Own-Device concept by ensuring information security without
compromising employee privacy demands. The model implementation is risk based,
allowing enterprises to secure their sensitive information while achieving the
Security-Functionality-Ease of use equilibrium in a Bring-Your-Own-Device
environment. The ultimate goal is to protect the enterprise data beyond the perimeter
and securely transfer sensitive data in an agile enterprise. The model outcome
focuses on the data security process achieved through data encryption, audit, digital
rights management, secure file transfer and policy enforcement.
Description
Submitted in partial fulfillment of the requirements for the Degree of
Master of Science in Information Technology (MSc.IT) at Strathmore University
Keywords
Information Security Model, ICT, Data-Centric