Defined by Gartner, this strategy aims to secure data where it resides, regulate access permissions, and track changes that have been made to it.

We write a lot about data breaches and there’s a reason we do that. The amount of electronic data being created and stored is exploding – it’s valuable, but it’s also vulnerable.

Data-Centric Audit & Protection (DCAP) is a strategy defined by Gartner to secure data that focuses on maintaining a blueprint of where essential data resides, who can access it, and what changes can be and have been made to it.

The key facets of DCAP are:

  • Discovery and classification

Simply put, you need to know what data you have and where it lives. This means being able to find essential or sensitive data, whether it resides in-house or in the cloud. Do you have data that may be subject to scrutiny under the California Consumer Privacy Act (CCPA) or the General Data Protection Regulation, better known as GDPR? Being able to locate and classify should be front and center of your cybersecurity strategy. New regulations require you to not only know where your data is, but what’s in it, particularly if it contains personally identifiable information (PII).

  • Permissions and Privileges

The old “everybody gets a UserID/password” permissions standard doesn’t cut it anymore. Having the ability to monitor any changes made, not only to your data itself, but who is allowed to access data is an important facet of a data-centric audit and protection regimen. As much as you may trust your employees, an increasing number of data breaches are perpetrated by insiders. As a case in point, consider the recent breach by an Amazon Web Services employee that took advantage of a misconfigured firewall to allow outside access to AWS client data – most notably, Capital One customers. Access to data should only be granted to those few that genuinely need it – and the ability to monitor changes to security protocols can alert you to potential suspicious activity.

  • User behavior analytics

Active participation is necessary for protecting your internal data and the data of your customers. Monitor your employees’ interaction with sensitive data and understand what changes were made and by whom. Yes, it’s unfortunate, but it bears repeating: potential threats to your organization’s infrastructure come from inside your organization as likely as they come from outside. Ideally, you should be able to not only audit any changes made, but also reverse any unauthorized or malicious changes.

  • Monitoring and auditing changes to data and permissions

Control of privileges granted to users, including Role Based Access Control (RBAC) and Attribute Based Access Control allows you to guard your sensitive data. Establish processes and strategies to monitor and audit data access and alert you to any misuse, malevolent or otherwise.

DCAP Diagram


Luckily, Sherpa’s Altitude SaaS platform allows total visibility into your organizations data from anywhere, providing comprehensive eDiscovery, Data Governance, Privacy & Compliance monitoring, and risk mitigation to assist you in detecting and responding to threats.

If you’d like to learn more, contact us. We offer a range of solutions to identify and classify data across your enterprise – in email, file shares and beyond – with the capability to move, copy, quarantine, classify or delete it.