The data-eccentric security is a method of security that gives high preference to the security of data and information instead of the security of servers, networks or applications. The data-eccentric security is continuously evolving as organizations depends upon digital information in an increasing rate to operate their business and huge data projects are becoming mainstream nowadays. It enables enterprises to manage the disconnection between IT security technology and the objectives of business plans by relating security to the data that they protect directly. It secures a relation that is sometimes secured by the presence of security.
The common process in a data-eccentric security model are the ability to inspect data storage areas when they are not used to detect vulnerable data. It includes the ability to define usage policies which will describe whether some data are editable, accessible or blocked form special locations or users. It is also able to defend against unauthorized use of data or data usage and stop sensitive data from being transferred to unauthorized locations or data. It also tracks the continuous monitoring of data usage to find meaningful distraction from usual behavior that might lead to possible malicious intention. Looking on a technical sight the data eccentric security depends upon the implementation of these strategies: The data is self-defending and describing; the controls and policies that related to the business context; the information that are protected as it is transferred in and out of applications and storage systems and changing the context of the business; and the policies that function consistently via different defensive technologies and layers implemented. The various technologies used in this security system are data access controls and policies, data encryption and data masking. Furthermore the diversity and heterogeneity of cloud environments and services want fire grained access services and control policies which should be flexible enough to capture context, dynamic or attribute or credential based access demands and data protection.