Understanding Data Security

Written by Bart Nachimow

June 11, 2019

We are hearing a lot about cyber security these days, and for good reason. Major data breaches and security incidents are in the news on a regular basis. It seems that no organization or electronic device is safe from hackers and fraudsters. In response, companies and government agencies are ramping up security efforts. Cyber security is a broad category that involves many different processes and tools. Within cyber security is the practice of data security, the protection of the data that sits behind the firewall. While all elements of security are important, data security is (or should be) a high priority. After all, in most cases, it is data the hackers are after when they attack.

What is Data Security?

There is no single element that defines data security. Rather, it’s invariably a combination of practices, processes, policies and tools. The goal is always the same, though, and that is to protect data from theft, disruption or unauthorized access.

Some data security measures are directly tied to data. For example, encryption protects data by making it unreadable to anyone who doesn’t have the means to decrypt it. Other measures are indirect. Access controls, for instance, limit the number and type of users who have access to data. However, access controls protect more than just data.

The different kinds of data that must be protected

What kinds of data need to be protected? That depends on what the data your company stores. Not all of it deserves a high level of protection. Private personal data, though, and health care information, are high-risk types of data. Having such data breached results in legal liability and regulatory penalties.

General corporate data, like financial records, is also important to protect. After all, with ransomware, an attacker can paralyze an organization by locking up its essential operating data—even if that data is not super-secret or legally protected. Then, there is unstructured data, which exists in documents like PDFs. Unstructured data can be tricky to protect, partly because many companies have absolutely no idea what they actually have in their files. It’s also difficult to establish rules around data access for things like shared file drives and so forth.

Data security vs. cybersecurity

Data security is a subset of cybersecurity. A good cybersecurity program will include some data security countermeasures like encryption and access controls. Like any cyber security process, however, it’s necessary to weigh potential business impact against the costs of implementing data security countermeasures. It may turn out that you have to enforce data security policies selectively in order to get the best protection for the most sensitive data assets.

Data security countermeasures

There are a variety of countermeasures that achieve the objective of data security. In addition to encryption, one approach that’s gaining traction is known as the “Zero Trust” model of data security. As its name implies, zero trust means that no user is trusted for any reason at the outset of his or her access to a network. The user must request access to a particular data asset, which can then be granted or refused. Then, the system prevents the user from accessing any other data asset.

Though potentially cumbersome to administer, the advantage of the zero trust model is that it greatly reduces the risk that an attacker can get inside a network and then steal whatever data he or she comes across. Automation and Artificial Intelligence are making zero trust a practical tool for data security.

Automation is also being put to work securing unstructured data. Some vendors offer solutions that automatically scan thousands (even millions) of documents and use algorithms and rules to determine which of them contain sensitive information like home addresses and social security numbers. The solution then automatically restricts access to these documents.

    Related Articles

    Infrastructure-as-a-Service: Definitions, Use Cases, and More

    The fastest-growing of all the as-a-service offerings, cloud system infrastructure services, or infrastructure as a service (IaaS), which is forecast to grow 27.5 percent in 2019 to reach $38.9 billion, up from $30.5 billion in 2018, according to Gartner. With many businesses working toward adopting IaaS strategies, we would today like to explore this topic as we kick off our as-a-Service series.

    read more

    Cybersecurity Platforms: Hype Reality, and Promise

    You already understand that cybersecurity is important to the long-term success of your firm. This has led to many companies offering cybersecurity “platforms.” Here are just a few of the things you can expect to see in a cybersecurity platform.

    read more

    Stay Up to Date With The Latest News

    Meet Our Sponsor

    With an experienced and dedicated team of IT service providers and software consultants, MIBAR provides customers with a one-stop shop for all of their business technology needs.

    Join Our Newsletter

    Get the latest information and resources on business technology.

    Follow Us

    Follow us on social media to stay up to the date with the lastest content.