je.st
news
What is data security?
2020-10-02 18:09:01| The Webmail Blog
What is data security? nellmarie.colman Fri, 10/02/2020 - 11:09 Data security refers to your policies and standards for protecting your data across your network, infrastructure and applications and at multiple layers. Data security methods span on-premises and cloud environments and include encryption, masking, tokenization, erasure, authentication, access control, backups and recovery and data resilience. Data security also involves compliance-related demands driven by government regulations or industry standards like PCI or HIPAA. The importance of data security According to a recent Verizon report, one in eight breaches are financially motivated, and all breaches create financial turbulence for the victims. A data breach can cause just as much disruption as being found in non-compliance. Without a solid data security strategy, you could be at risk for public relations fallow, non-compliance penalties and productivity losses. Some common consequences of a data breach include: Public relations fallout Online consumer expectations are on the rise. So when potential customers or investors hear that your organization has been breached, it makes you appear careless and unreliable even if you did everything that you were supposed to do. This perception could result in losing market share and may even impact your stock price. The effort and cost to clean up the initial breach, manage the media, communicate with customers and re-build your brand detracts resources from your core mission. Non-compliance penalties Not following regulatory and legal requirements around retention, permissions and storage can lead to big fines for non-compliance. Primarily, those fines are penalties from the regulatory board. In addition to that, there may also be associated fees such as direct payments to breach victims, supplying remediation services (credit monitoring or identity protection) or lawsuits for damages. Productivity losses After a data breach, IT teams must drop whatever theyre doing to respond and resolve the threat. If data loss occurs, theres time spent on restoring backups. A security breach will likely impact the ability of some employees to access and use data needed to complete their jobs. In a recent CISO study conducted by Cisco, 48% of companies with over 10,000 employees experienced at least four hours of downtime related to a data breach, and a third experienced up to 16 hours of downtime. Types of data security technology Protecting data in the cloud or on-premises will involve using one or more of the following technologies: Data encryption Data masking Tokenization Data erasure Authentication Access control Backups and recovery Data resilience Data encryption Data encryption prevents unauthorized users from accessing data. This technique requires some type of authorization or key to decrypt and view or edit data. Encryption primarily applies at the network and infrastructure level; however, physical assets, flash drives or hard disks can also employ this data security method. Encryption can be applied within applications as well. For example: Original data: John Smith Encrypted: 393938383838 Decrypted: John Smith Locked status: Locked; can unlock Access: End users can access the entire set of data Data masking When data is masked, all or parts of the data are replaced. This is often seen when credit card or social security numbers are displayed. The data is there, but its not accessible. This technique is used for situations where the data is saved into the system, but due to compliance issues, like PCI or HIPPA, users can't view the actual data. Masking is non-reversable. Once masked, the data loses its value and is not available for use in any other functions. For example: Original data: John Smith Masked: 393938383838 Unmasked: n/a Locked status: Locked; cant unlock Access: End users cannot access the data and the data cant be used for analysis Tokenization Though its important to leverage the value of all data, certain data elements like Personally Identifiable Information (PII), medical details and financial information need to be handled with particular care. Tokenization allows organizations to hide sensitive information but retain its meaning. Unlike encryption, where the data can be unlocked, or masking, where the data loses its value, tokenization cannot be unlocked but its characteristics are still valuable. You may not know each customers name and address, but you can pull data to determine, for example, when customers in a particular region spend more on a particular item. Original data: John Smith Tokenized: 838383838 Unerased: n/a Locked status: Locked; cant unlock Access: End users can access the data insights but not the actual data set Data erasure Due to the rise in privacy protection regulations, like GDPR and CCPA, businesses need to not only protect the data they ingest, but allow for a process to delete that data as well. Messy data hygiene and careless data governance adherence may make it impossible for some organizations to fully comply with data erasure requests because they dont have a good handle on all of the places data points could be housed. When done correctly, data erasure works like this: Original data: John Smith Erased: [no data] Unerased: n/a Access: Data is non-existent. End users never knew the data existed. Authentication Authentication is the process by which users identify who they are and can access information. For some systems, its a password; for other systems, it might be a biometric indicator like fingerprints or face scans. Authentication unlocks locked data for use by authorized parties. This is applied at the network, application or file level. Access control By establishing user groups and role-based access methods, organizations can control which users see what data. This ensures that employees who need to see sensitive data are properly authorized to do so. Access control is written into most data compliance standards to prevent, for example, a receptionist in a doctors office from seeing a patients full medical record as opposed to just the insurance information needed to register and schedule patients. Backups and recovery Backups and recovery refer to the way you store data and plan to restore it in case of an incident. Much like consumer-level services that cover you if you accidently delete a file or lose your phone, backup at the enterprise level means spreading data out into multiple secure locations to provide redundancy. If one location fails, the other location kicks in with an exact snapshot
Tags: data
security
Category:Telecommunications