Data protection is a fuzzy, sometimes nebulous term. Certainly everything we do on the network is intended to protect the data on it. In an era of widely dispersed global enterprise – sometimes with little or no perimeter – the data often seems to be alone on the internet. That's when we need to focus on the data itself in addition to the supporting infrastructure.
Data is under attack directly. Major breaches over the past two years have been targeted at critical and sensitive data in one form or another. Whether it is credit card data, personally identifiable information, medical records or trade secrets, the adversary is focused on exfiltrating as much data as possible. We see all too frequent reports of passwords in the millions exfiltrated from large organizations that we would have believed to be secure.
Our Innovator in this year's data protection category has been with us before. However, you will recognize a distinct evolution from training to active defense. Why? The reason is pretty straightforward: The delivery mechanism for large-scale attacks is not large-scale itself. It is subtle and deceptive. It can be widespread or very focused. But it is not an attack against the infrastructure. It is an attack against users and, through the users, their data.
So this year, as we were looking for Innovators we found a lot of traditional approaches. These are good in most cases but don't have the spark of innovation that we look for each year. In our view, traditional approaches – such as data leakage – are stressed almost to the breaking point. The creativity of the adversary is increasing rapidly and we need to keep up with it. There is a lot happening in this space and we believe that next year we'll see a bumper crop in this area.
Meanwhile, our Innovator for this year is coming up with clever ways to solve a very ugly problem, both at the education end and the direct protection end, and that is the kind of innovation we look for.