Gartner Research

Information Confidentiality

Published: 13 February 2009

ID: G00203685

Analyst(s): Trent Henry

Summary

Information confidentiality is of paramount importance to all organizations. Whether the information is intellectual property, customer identity data, or some other restricted information, enterprises must choose how to protect data in motion, at rest, and in use. In this technical position update, Burton Group presents a decision-making framework for confidentiality in various infrastructure layers: perimeter, identity and access, application, repository, point-of-use systems, and data itself.

Table of Contents

Decision Point

Typical Requirements

  • Information Disclosure Risk
  • Mapping to Enterprise Policy
  • State of Data
    • Data at Rest
    • Data in Motion
    • Data in Use
  • Infrastructure Surety
  • Surrounding Processes

Alternatives

  • Infrastructure Layers
    • Point of Use
    • Repositories
    • Applications
    • Identity and Access Layer
    • Data Self-Protection
    • Perimeter Layer
  • Methods of Protection (in Various Layers)
    • Filters
    • Transforms
    • Separation Mechanisms
  • Multiple Layers and Methods

Future Developments

Evaluation Criteria

Statement and Basis for Position

  • Number of Protections Position
    • Consider keeping information offline.
    • Use at least two methods to secure confidentiality.
    • Use at least one method to secure confidentiality.
    • Consider using at least one method to secure confidentiality.
  • Infrastructure Layer Position
    • Infrastructure Layer for Data in Motion Position
    • Infrastructure Layer for Data at Rest Position
    • Infrastructure Layer for Data in Use Position
  • Point-of-Use Protection Position
    • Use authentication and authorization methods to create an identity and access layer around the point of use.
    • Use a content filter to protect information on the system.
    • Use a transform to encrypt the media at point of use.
    • Use a filter with data labeling to protect information on the system.
    • Reevaluate the layer of infrastructure protection.
  • Data Self-Protection Position
    • Reevaluate the layer of infrastructure protection.
    • Use a transform to enforce rights management over the use of the information.
    • Use a transform to encrypt the data in transit.
  • Perimeter-Layer Protection Position
    • Use separation methods to create enclaves that protect information.
    • Use perimeter filtering methods to protect information.
  • Repository-Layer Protection Position
    • Use authentication and authorization methods to create an identity and access layer around the repository.
    • Use separation methods to create content enclaves in the repository.
    • Use a transform to encrypt, hash, or mask information.
    • Use a filter to protect the information.
  • Application-Layer Protection Position
    • Use authentication and authorization methods to create an identity and access layer around the application.
    • Consider using a transform to hash data when comparing sensitive values.
    • Use separation methods to isolate the application.
    • Consider using a transform to encrypt information.
    • Consider using programmatic filters to limit information access.

Relationship to Other Components

Revision History

Notes

©2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.
