Understanding Data Security

Written by Bart Nachimow

June 11, 2019

We are hearing a lot about cyber security these days, and for good reason. Major data breaches and security incidents are in the news on a regular basis. It seems that no organization or electronic device is safe from hackers and fraudsters. In response, companies and government agencies are ramping up security efforts. Cyber security is a broad category that involves many different processes and tools. Within cyber security is the practice of data security, the protection of the data that sits behind the firewall. While all elements of security are important, data security is (or should be) a high priority. After all, in most cases, it is data the hackers are after when they attack.

What is Data Security?

There is no single element that defines data security. Rather, it’s invariably a combination of practices, processes, policies and tools. The goal is always the same, though, and that is to protect data from theft, disruption or unauthorized access.

Some data security measures are directly tied to data. For example, encryption protects data by making it unreadable to anyone who doesn’t have the means to decrypt it. Other measures are indirect. Access controls, for instance, limit the number and type of users who have access to data. However, access controls protect more than just data.

The different kinds of data that must be protected

What kinds of data need to be protected? That depends on what the data your company stores. Not all of it deserves a high level of protection. Private personal data, though, and health care information, are high-risk types of data. Having such data breached results in legal liability and regulatory penalties.

General corporate data, like financial records, is also important to protect. After all, with ransomware, an attacker can paralyze an organization by locking up its essential operating data—even if that data is not super-secret or legally protected. Then, there is unstructured data, which exists in documents like PDFs. Unstructured data can be tricky to protect, partly because many companies have absolutely no idea what they actually have in their files. It’s also difficult to establish rules around data access for things like shared file drives and so forth.

Data security vs. cybersecurity

Data security is a subset of cybersecurity. A good cybersecurity program will include some data security countermeasures like encryption and access controls. Like any cyber security process, however, it’s necessary to weigh potential business impact against the costs of implementing data security countermeasures. It may turn out that you have to enforce data security policies selectively in order to get the best protection for the most sensitive data assets.

Data security countermeasures

There are a variety of countermeasures that achieve the objective of data security. In addition to encryption, one approach that’s gaining traction is known as the “Zero Trust” model of data security. As its name implies, zero trust means that no user is trusted for any reason at the outset of his or her access to a network. The user must request access to a particular data asset, which can then be granted or refused. Then, the system prevents the user from accessing any other data asset.

Though potentially cumbersome to administer, the advantage of the zero trust model is that it greatly reduces the risk that an attacker can get inside a network and then steal whatever data he or she comes across. Automation and Artificial Intelligence are making zero trust a practical tool for data security.

Automation is also being put to work securing unstructured data. Some vendors offer solutions that automatically scan thousands (even millions) of documents and use algorithms and rules to determine which of them contain sensitive information like home addresses and social security numbers. The solution then automatically restricts access to these documents.

    Related Articles

    5 Blockchain Initiatives that Can Be Implemented Today

    Blockchain has been so hyped for so long, people may want it without quite understanding what it actually does. There are plenty of reasons for this confusing state of affairs. The biggest culprit is the business of crypt-currencies, which use blockchain technology as their foundation. But, there is much more to blockchain than just Bitcoin and the like. There are many practical blockchain initiatives you can implement today. We will present five of them in this article.

    read more

    Internet of Things (IoT) and Machine Learning Primer: What You Need to Know

    The Internet of Things (IoT) and machine learning (ML) are reshaping the world of computing. From corporate data to consumer devices, these phenomena have been the subjects of intense development. They’re not new, with the IoT having been recognized for around 20 years and the concept of machine learning existing since the late 1950s. However, today, they are advancing in their sophistication and coming together to realize innovations such as online recommendations, fraud detection and self-driving cars.

    read more

    Stay Up to Date With The Latest News

    Meet Our Sponsor

    With an experienced and dedicated team of IT service providers and software consultants, MIBAR provides customers with a one-stop shop for all of their business technology needs.

    Join Our Newsletter

    Get the latest information and resources on business technology.

    Follow Us

    Follow us on social media to stay up to the date with the lastest content.