
IT DATA SECURITY

What is data security?

Data security is the practice of protecting digital information from unauthorized
access, corruption or theft throughout its entire lifecycle. This concept encompasses the entire
spectrum of information security. It includes the physical security of hardware and storage
devices, along with administrative and access controls. It also covers the logical security of
software applications and organizational policies and procedures.

Types of data security

To enable the confidentiality, integrity and availability of sensitive information,
organizations can implement the following data security measures:
1. Data Encryption
2. Data erasure
3. Data masking
4. Data resiliency

Encryption

By using an algorithm to transform normal text characters into an unreadable format,
encryption keys scramble data so that only authorized users can read it. File and database
encryption software serve as a final line of defense for sensitive volumes by obscuring their
contents through encryption or tokenization. Most encryption tools also include security key
management capabilities.

Data erasure

Data erasure uses software to completely overwrite data on any storage device,
making it more secure than standard data wiping. It verifies that the data is unrecoverable.

Data masking

By masking data, organizations can allow teams to develop applications or train
people that use real data. It masks personally identifiable information (PII) where necessary
so that development can occur in environments that are compliant. Data masking creates fake
versions of an organization's data by changing confidential information. Various techniques
are used to create realistic and structurally similar changes. Once data is masked, you can't
reverse engineer or track back to the original data values without access to the original
dataset.

Common Data Masking Examples


1. Masking customer data
Almost all medium- to large-size companies today use a CRM to
store and manage customer data, including names, phone numbers, email
addresses, employment history, and more. Protecting customers’ privacy (as
well as active and inactive leads) requires companies to take appropriate
measures to ensure this data is not accessible to unauthorized users. DM is
an effective method for anonymizing CRM data while maintaining data
reporting and BI (Business Intelligence) functionality. Shuffling, data aging,
and data pseudonymization are all effective methods for this data masking
example.
2. Masking employee data
Most large companies manage employee data in an HCM system. By
masking an HCM, organizations can protect the sensitive information it
contains, such as names, addresses, phone numbers, salary information,
health insurance status, and more. Specific data masking methods, such as
data pseudonymization or shuffling, could keep sensitive employee
information secure while ensuring that the data remains usable for legitimate
purposes, by relevant data consumers.
3. Masking financial data
Financial firms use various systems to store and manage investment
portfolios for their clients. System databases would contain a variety of
sensitive financial information pertaining to customers’ investments,
including account numbers, account balances, transaction histories, names,
Social Security Numbers, addresses, and more. The firm could anonymize
its data by replacing sensitive information with dummy values, for example.
Anonymized data would still be accessible to authorized data consumers,
while upholding data security standards and complying with regulations
such as the Gramm-Leach-Bliley Act (GLBA).
4. Masking IP addresses
Companies that use log files to track the activities of users on their
application, website, or network may choose to mask the IP addresses in the
log files. Encrypted lookup substitution, redaction, or shuffling are all data
masking methodologies organizations could use to obscure real IP
addresses. In this data masking example, the organization could still use
masked IP addresses for testing or analytics purposes, while ensuring
compliance with user privacy laws, such as GDPR.
5. Masking medical data
Hospital and health system databases, such as EHR systems, store
and manage a wide range of personal information about patients, including
names, addresses, phone numbers, medical histories, and more. To protect
patients’ privacy and ensure compliance with relevant regulations (such as
HIPAA), hospitals can mask EHR data using shuffling or data aging
techniques to restrict access by unauthorized parties. In this data masking
example, patient data can still be used for analysis and reporting but would
not expose the hospital or patient to risk.

Shuffle Masking
Shuffle masking masks the data in a column with data from the same
column in another row of the table. Shuffle masking switches all the values
for a column in a file or database table. You can restrict which values to
shuffle based on a lookup condition or a constraint. Mask date, numeric, and
string data types with shuffle masking.
For example, you might want to switch the first name values from one
customer to another customer in a table. The table includes the following
rows:

100 Kamatchi Kartheeban
101 Ravi Kumar
102 Ram Gopalakrishnan
103 Santhosh Pandian

When you apply shuffle masking, the rows contain the following data:

100 Ram Kartheeban
101 Santhosh Kumar
102 Kamatchi Gopalakrishnan
103 Ravi Pandian
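
The shuffle masking described above, as an added example that is not part of the original document: it permutes one column so that no row keeps its own position, optionally only within groups (one simple reading of the "lookup condition or constraint"), and reports rows that still show their original value. The column names (id, first_name, last_name) and the function names are assumptions made for illustration.

```python
import random
from collections import defaultdict

# Sample rows from the table in the text; the column names are assumed.
CUSTOMERS = [
    {"id": 100, "first_name": "Kamatchi", "last_name": "Kartheeban"},
    {"id": 101, "first_name": "Ravi", "last_name": "Kumar"},
    {"id": 102, "first_name": "Ram", "last_name": "Gopalakrishnan"},
    {"id": 103, "first_name": "Santhosh", "last_name": "Pandian"},
]

def _sattolo(values, rng):
    """Permute values as a single cycle, so no position keeps its own element."""
    out = list(values)
    for i in range(len(out) - 1, 0, -1):
        j = rng.randrange(i)  # 0 <= j < i, never i itself
        out[i], out[j] = out[j], out[i]
    return out

def shuffle_mask(rows, column, group_by=None, rng=None):
    """Return copies of rows with `column` shuffled among rows of the same group."""
    rng = rng or random.SystemRandom()  # OS randomness, not a guessable seed
    groups = defaultdict(list)
    for idx, row in enumerate(rows):
        groups[row[group_by] if group_by else None].append(idx)
    masked = [dict(row) for row in rows]  # leave the input untouched
    for indexes in groups.values():
        shuffled = _sattolo([rows[i][column] for i in indexes], rng)
        for i, value in zip(indexes, shuffled):
            masked[i][column] = value
    return masked

def unmasked_ids(original, masked, column, key="id"):
    """Ids of rows still showing their own value (singleton groups, duplicates)."""
    return [o[key] for o, m in zip(original, masked) if o[column] == m[column]]

if __name__ == "__main__":
    result = shuffle_mask(CUSTOMERS, "first_name")
    for row in result:
        print(row["id"], row["first_name"], row["last_name"])
    print("rows left unmasked:", unmasked_ids(CUSTOMERS, result, "first_name"))
```

Every real value still appears somewhere in the shuffled column, so rare or unique values and single-row groups need an additional masking method; `unmasked_ids` flags the rows the shuffle could not change.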

Data resiliency

Resiliency depends on how well an organization endures or recovers from any type of
failure—from hardware problems to power shortages and other events that affect data
availability. Speed of recovery is critical to minimize impact.

Data resiliency refers to an organization's ability to recover from data breaches and
other types of data loss, immediately enact business continuity plans, effectively recover lost
assets and aggressively protect that organization's data moving forward.

Data security strategies

A comprehensive data security strategy incorporates people, processes and
technologies. Establishing appropriate controls and policies is as much a question of
organizational culture as it is of deploying the right tool set. This means making information
security a priority across all areas of the enterprise.

Consider the following facets in your data security strategy:


1. Physical security of servers and user devices
2. Access management and controls
3. Application security and patching
4. Backups
5. Employee education
6. Network and endpoint security monitoring and controls

Physical security of servers and user devices

You might store your data on premises, in a corporate data center
or in the public cloud. Regardless, you need to secure your facilities
against intruders and have adequate fire suppression measures and
climate controls in place. A cloud provider assumes responsibility for
these protective measures on your behalf.

Access management and controls

Follow the principle of “least-privilege access” throughout your entire IT
environment. This means granting database, network and administrative account access to as
few people as possible, and only to individuals who absolutely need it to get their jobs done.

Application security and patching

Update all software to the latest version as soon as possible after patches or the
release of new versions.

Backups

Maintaining usable, thoroughly tested backup copies of all critical data is a core
component of any robust data security strategy. In addition, all backups should be subject to
the same physical and logical security controls that govern access to the primary databases
and core systems.

Employee education

Transform your employees into “human firewalls”. Teaching them the importance of
good security practices and password hygiene and training them to recognize social
engineering attacks can be vital in safeguarding your data.

Network and endpoint security monitoring and controls

Implementing a comprehensive suite of threat management, detection and response
tools in both your on-premises and cloud environments can lower risks and reduce the chance
of a breach.

Data Security Threats

• A data security threat is any action that could damage the confidentiality, integrity
or availability of data.
• Data security threats can come from a variety of sources, including hackers, insider
threats, natural disasters and human error.
• Data breaches can have serious consequences for businesses and consumers alike,
including financial losses, compromised identities and damaged reputations.

To protect their assets, companies need to do their due diligence and make sure they have a
system in place that will minimize data security threats by educating employees, monitoring
networks for vulnerabilities and more.

Types Of Data Security Threats

There are many data security threats that organizations face daily. Some of these
threats include:
• malware
• ransomware
• phishing attacks and social engineering

1. Malware is a type of software that is designed to harm or damage a computer system.
It can be installed on a system through various means, including email attachments,
infected websites and malicious adverts. Once installed, malware can delete files,
steal information or make changes to a system that can render it unusable.
2. Ransomware is a type of malware that encrypts a victim's files and demands a ransom
be paid to decrypt them. This type of attack can be particularly damaging to
organizations, as it can result in the loss of important data.
3. Phishing attacks are another common type of threat that organizations face. These
attacks involve sending emails that appear to be from a trusted source, such as a bank
or other financial institution. The email will usually contain a link that leads to a
website that looks identical to the legitimate site. However, the website is designed to
steal the victim's login credentials.

How To Protect Data From Cybercriminals

• Data security is one of the most important aspects of online life. Without data
security, our personal information, financial information and other sensitive data
would be vulnerable to cybercriminals. There are many ways to protect your data
from cybercriminals, including using strong passwords, installing antivirus software
and using firewalls.

• One of the best ways to protect your data is to use a password manager. A password
manager helps you create and manage strong passwords, and it keeps all of your
passwords in one place. This makes it easier to create and remember complex
passwords, and it also makes it harder for cybercriminals to hack your account.

• Another way to protect your data is to install antivirus software. Antivirus software
helps to protect your computer from malware, which can include viruses, spyware and
other malicious software. Antivirus software can also help remove any existing
malware from your computer.

• Finally, you can use a firewall to protect your data. A firewall is a piece of hardware
or software that helps to block incoming and outgoing network traffic. Firewalls can
be used to prevent cybercriminals from accessing your computer, and they can also
help to protect your data from being stolen.
