Interview in NITECH: Data-Centric Security

Data-centric security (DCS) focuses on protecting data, regardless of where it is stored. Through encryption, context-based access controls, and monitoring, organizations can maintain control over sensitive information. This allows them to reliably implement regulatory requirements such as NIS2 or GDPR. In an interview in the current issue of NITECH, Marion Konnerth (Head of Projects) and Dennis Füller (Head of Cybersecurity Consulting Defense) explain how this approach works and what role it plays in compliance.

How can data-centric security improve an organization’s information security beyond perimeter security?

Traditionally, much information security control focuses on securing the perimeter. An organization first defines trust zones and then reduces the risk of an adversary breaching the perimeter and entering these trust zones. Within a trust zone, there is implicit trust between actors of human or machine nature. In theory, data and processes that are processed within a trust zone should be secure, based on the effectiveness of the existing perimeter security controls and the implicit trust.

In practice, there is always a residual risk of an attacker gaining access to that trust zone and thus to the assets (e.g., data or processes) within. Additionally, there is usually an increasing need to communicate data outside a trust zone, e.g., with external partners. With solely traditional perimeter-focused measures, it is impossible to control the data once it leaves the trust zone. Data-centric security enables an organization to retain control even over shared data with the help of encryption, tokenization, or rights management. Furthermore, data-centric security partially covers the ‘assume breach’ principle of the zero-trust approach.

In general, to what extent would this be enough to keep malicious actors off an organization’s network and prevent potential attacks?

Reducing the risk of threat actors breaching perimeter controls to 0 percent is an impossible task. Data-centric security adds multiple additional layers of security to an existing security infrastructure. That can be achieved by attaching controls, e.g., encryption and attribute-based access control, on a highly granular level to sensitive data, e.g., PII, PI or classified information. Even if a threat actor gains access directly to the files that contain that sensitive data, they can still not process them in any way if they lack the respective decryption keys or the permissions that are required by the attribute-based access control (ABAC) solution in place.

You can read the complete interview in the current issue of NITECH (pages 44 – 45): https://issuu.com/globalmediapartners/docs/nitech13

About the authors
INFODAS GmbH