This domain focuses on determining and maintaining the protection of assets, including identifying and classifying information and its related assets.
Cloud Access Security Broker (CASB)
- Scoping of the Definition: A crucial policy enforcement point placed between cloud service users and cloud service providers to extend an organization’s security controls to the cloud. CASBs help enforce security policies, manage data governance, protect against cloud threats, and ensure compliance for data that resides in SaaS, PaaS, and IaaS environments.
- Definitional Technology, Feature, and Service Lines: Includes visibility into shadow IT, data loss prevention (DLP) for cloud-bound data, cloud-based identity and access control, encryption, and threat protection (malware detection). CASB functionality is increasingly being absorbed into consolidated SASE architectures.
Data & AI Security
- Scoping of the Definition: Protecting the integrity, privacy, and flow of proprietary data feeding advanced models and governing autonomous operations.
- Definitional Technology, Feature, and Service Lines: Protecting data feeding Large Language Models (LLMs) and governing agentic workflows.
Data Security Posture Management (DSPM)
- Scoping of the Definition: An emerging discipline focused on continuous, automated discovery, classification, and protection of sensitive data across multi-cloud environments, data lakes, databases, and SaaS platforms. DSPM shifts the security focus from protecting the infrastructure containing the data to directly protecting the data itself, addressing issues like data access, over-privileged entitlements, and data flow risk.
- Definitional Technology, Feature, and Service Lines: Automated sensitive data discovery and mapping, data flow visualization, continuous risk assessment based on data type and location, data access governance, and security policy enforcement based on data context (e.g., data residency violations).
Data Loss Prevention (DLP)
- Scoping of the Definition: A comprehensive security strategy and suite of technologies engineered to detect, monitor, and safeguard sensitive information from unauthorized access, accidental exposure, or malicious exfiltration. It ensures that critical corporate data remains secure and compliant whether it is at rest within storage repositories, in motion across corporate networks, or in use on endpoint devices.
- Definitional Technology, Feature, and Service Lines: Incorporates automated data discovery and classification engines, deep content inspection, and contextual policy enforcement (such as blocking, quarantining, or encrypting unauthorized transfers). It relies heavily on integration with Cloud Access Security Brokers (CASB), Secure Access Service Edge (SASE) architectures, and endpoint monitoring agents to govern data flows across on-premises, hybrid, and cloud-native environments. Emerging technologies include browser extensions and generative AI firewalls (AI gateways).
Host (Endpoint) Security
- Scoping of the Definition: Protection centered on the host machine, evolving beyond simple antivirus.
- Definitional Technology, Feature, and Service Lines: Transition from signature-based legacy antivirus to sophisticated Endpoint Detection and Response (EDR) utilizing behavioral heuristics.
Endpoint Detection and Response (EDR)
- Scoping of the Definition: The foundational security discipline for continuously monitoring, collecting data from, and analyzing activity on endpoint devices (workstations, servers, mobile devices) to detect, investigate, and respond to threats that successfully evade initial prevention controls (like traditional antivirus). EDR platforms enable security teams to gain deep forensic visibility and act quickly to contain a threat.
- Definitional Technology, Feature, and Service Lines: Behavior-based detection (UEBA), continuous data recording and retention, remote shell access for investigative forensics, automated response actions (e.g., device isolation, process termination), and threat hunting capabilities.
Key Management and Hardware Security Modules (KMS/HSM)
- Scoping of the Definition: The foundational security discipline for generating and storing cryptographic keys, managing their lifecycle, and providing access to them; these keys encrypt sensitive data at rest and in transit. Key Management Services (KMS) provide software-based key management in the cloud, while Hardware Security Modules (HSM) provide a tamper-resistant, highly secure physical or virtual appliance environment for cryptographic operations.
- Definitional Technology, Feature, and Service Lines: Key generation and rotation, centralized policy enforcement over key usage, secure storage (FIPS 140-2 certified), key access auditing, and cryptographic offload capabilities for high-performance transactions.
Privacy Enhancing Technologies (PETs)
- Scoping of the Definition: A collection of advanced cryptographic and computation techniques designed to allow organizations to analyze, share, and derive insights from sensitive data while mathematically preventing the exposure of the underlying private information. PETs are critical for collaborative analytics across organizations and for meeting stringent data minimization and privacy regulations (e.g., GDPR, CCPA).
- Definitional Technology, Feature, and Service Lines: Includes Homomorphic Encryption (HE), which allows computation on encrypted data; Federated Learning (FL), which trains models locally on devices without transferring raw data; and Differential Privacy (DP), which injects noise to mask individual data points in an aggregate dataset.