The most important aspect of any company’s cybersecurity strategy revolves around how to protect company data and prevent data loss. This includes data at rest, in transit, and in use.
Each of them has the same objective: to ensure data security and protection.
What is data security and why is it important?
Data security refers to the practice of protecting data against theft, loss, or unauthorized access throughout its lifecycle.
Data breaches are an ongoing problem for organizations. A ThoughtLab Report found a 15.1% increase in the number of data breaches and cyberattacks in 2021 compared to 2020. Data breaches not only expose company data, but also expose companies to lawsuits and fines.
Data security practices, policies, and technologies are also key to preventing internal users from taking inappropriate actions with data.
Data security is important because it contributes to the following:
- protect intellectual property;
- prevent financial losses;
- maintain customer confidence; and
- ensure compliance with several regulatory standards.
The last point matters because organizations must comply with a variety of industry and government regulations, from GDPR and CCPA to Sarbanes-Oxley and PCI DSS.
Types of data security technologies
Data security is paramount as attackers relentlessly search for any vulnerabilities to infiltrate corporate networks. To properly protect data, businesses can use the following seven technologies.
1. Firewalls
A firewall is the first layer of defense for a network. It is designed to keep unauthorized sources from reaching company data by acting as an intermediary between a personal or corporate network and the public Internet. Firewalls apply pre-configured rules to every packet entering or leaving the network, which helps keep malware and other unauthorized traffic from reaching devices on the network.
The different types of firewalls include the following:
- packet-filtering firewalls
- circuit-level gateways
- application-level gateways
- stateful inspection firewalls
- next-generation firewalls
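The difference between the first and the fourth type in that list is easiest to see in code. The following is an added example, not code from the original article: a minimal packet filter and a minimal stateful inspection engine run over constructed traffic (TEST-NET addresses, a hypothetical rule format). It shows why a stateless rule set must open a permanent hole for return traffic, and how an attacker can walk through that hole by choosing source port 443, whereas a stateful engine admits only replies to connections it saw the inside open.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False  # True only on the first segment of a TCP connection


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in" (toward the private network) or "out"
    proto: str = "any"
    src: str = "any"             # exact address or "any"
    dst: str = "any"
    sport: Optional[int] = None  # None matches any port
    dport: Optional[int] = None

    def matches(self, pkt: Packet, direction: str) -> bool:
        return (
            self.direction == direction
            and self.proto in ("any", pkt.proto)
            and self.src in ("any", pkt.src)
            and self.dst in ("any", pkt.dst)
            and self.sport in (None, pkt.sport)
            and self.dport in (None, pkt.dport)
        )


def packet_filter(rules: List[Rule], pkt: Packet, direction: str) -> str:
    """Stateless filtering: first matching rule wins, default deny.
    Each packet is judged on its own, so replies to connections the inside
    opened need an explicit inbound allow rule."""
    for rule in rules:
        if rule.matches(pkt, direction):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Stateful inspection: remembers outbound connections it allowed and admits
    their replies; inbound TCP that is neither a reply nor a fresh SYN is dropped."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.table: Set[Tuple[str, int, str, int, str]] = set()

    def inspect(self, pkt: Packet, direction: str) -> str:
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if direction == "in":
            if reverse in self.table:
                return "allow"          # reply to a connection the inside opened
            if pkt.proto == "tcp" and not pkt.syn:
                return "deny"           # mid-stream segment with no known connection
        verdict = packet_filter(self.rules, pkt, direction)
        if verdict == "allow" and direction == "out":
            self.table.add(flow)        # remember it so the reply can come back
        return verdict


def demo() -> dict:
    """Constructed traffic: a client on 10.0.0.5 browses to an HTTPS server, then an
    attacker sends a packet from source port 443 to SSH on the same client."""
    egress_https = Rule("allow", "out", "tcp", dport=443)
    outbound = Packet("10.0.0.5", 51000, "198.51.100.7", 443, syn=True)
    reply = Packet("198.51.100.7", 443, "10.0.0.5", 51000)
    spoofed = Packet("203.0.113.9", 443, "10.0.0.5", 22)

    # Stateless: to let replies in, the rule set must allow any inbound TCP with
    # source port 443, and the attacker's packet satisfies that rule too.
    stateless = [egress_https, Rule("allow", "in", "tcp", sport=443)]
    fw = StatefulFirewall([egress_https])
    return {
        "stateless_reply": packet_filter(stateless, reply, "in"),
        "stateless_spoofed": packet_filter(stateless, spoofed, "in"),
        "stateful_outbound": fw.inspect(outbound, "out"),
        "stateful_reply": fw.inspect(reply, "in"),
        "stateful_spoofed": fw.inspect(spoofed, "in"),
    }
```

Real firewalls also time out table entries and track TCP state transitions, but the core point is the same: the stateful engine needs only the outbound rule, so its inbound policy can be a flat deny.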
2. Authentication and Authorization
Two processes are used to ensure that only appropriate users can access company data: authentication and authorization.
Authentication requires users to prove that they are who they claim to be. The proof can be a secret, such as a password or PIN, or a biometric. Depending on the scenario, users may be required to supply one or more additional factors at login, which is called two-factor authentication or, more generally, multi-factor authentication (MFA). Stronger authentication may also be demanded partway through a session, when an already authenticated user attempts a more restricted action (step-up authentication).
Here are examples of authentication:
- biometric analysis
- behavioral analysis
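To make the two factors and the step-up case concrete, here is an added example (not code from the original article): a salted password check as the first factor, a time-based one-time code (TOTP, RFC 6238 over HOTP, RFC 4226) as the second, and a step-up rule that demands a fresh code for restricted actions. The in-memory user store, the PBKDF2 round count and the 300-second freshness window are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import os
import struct
import time
from typing import Dict, Optional

PBKDF2_ROUNDS = 100_000   # assumption: tune so one hash costs ~100 ms on your hardware
STEP_UP_WINDOW = 300      # seconds an MFA proof stays fresh for restricted actions
TOTP_STEP = 30


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the 16-byte salt is stored in front of the digest."""
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify_password(password: str, stored: bytes) -> bool:
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)   # constant-time compare


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, dynamic truncation, modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: Optional[int] = None, step: int = TOTP_STEP) -> str:
    """RFC 6238: HOTP with the counter derived from the current time step."""
    now = int(time.time()) if at is None else at
    return hotp(secret, now // step)


def verify_totp(secret: bytes, code: str, at: Optional[int] = None, skew: int = 1) -> bool:
    """Accept the current step plus/minus `skew` steps to tolerate clock drift."""
    now = int(time.time()) if at is None else at
    return any(hmac.compare_digest(totp(secret, now + d * TOTP_STEP), code)
               for d in range(-skew, skew + 1))


USERS: Dict[str, dict] = {}                  # hypothetical in-memory user store
DUMMY_HASH = hash_password("not-a-real-password")


def enroll(username: str, password: str) -> str:
    """Store the salted hash and a random TOTP seed; return the seed base32-encoded,
    which is what the user's authenticator app would be given."""
    seed = os.urandom(20)
    USERS[username] = {"pw": hash_password(password), "totp": seed, "mfa_at": None}
    return base64.b32encode(seed).decode()


def login(username: str, password: str, code: str, at: Optional[int] = None) -> bool:
    """Factor one: something you know. Factor two: something you have."""
    user = USERS.get(username)
    # Hash even for unknown users so response time does not reveal which names exist.
    pw_ok = verify_password(password, user["pw"] if user else DUMMY_HASH)
    if user is None or not pw_ok or not verify_totp(user["totp"], code, at):
        return False
    user["mfa_at"] = int(time.time()) if at is None else at
    return True


def step_up_required(username: str, at: Optional[int] = None) -> bool:
    """Restricted action after login: demand a fresh second factor if the last
    MFA proof is older than STEP_UP_WINDOW."""
    now = int(time.time()) if at is None else at
    last = USERS[username]["mfa_at"]
    return last is None or now - last > STEP_UP_WINDOW
```

The TOTP routine can be checked against the RFC 6238 test vector: with the ASCII seed `12345678901234567890` at Unix time 59 it produces `287082`. The `at` parameter exists only so the code is testable with fixed times; in production it is left at `None`.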
Once users have proven their identity, authorization determines whether they hold the permissions needed to access and interact with specific data. Authorization grants users permissions within the system to read, write, or modify particular resources, and nothing beyond that.
Examples of authorization are as follows:
- principle of least privilege access
- attribute-based access control
- role-based access control
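The three items above combine naturally: roles decide which actions a user may ever perform, attributes decide whether a given request is in scope, and everything not explicitly granted is denied. The following is an added example (not code from the original article) of such a deny-by-default evaluator; the roles, attribute conditions, users and records are constructed for illustration.

```python
from typing import Callable, Dict, Set

# RBAC: each role carries only the permissions its job needs (least privilege)
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "viewer":  {"record:read"},
    "analyst": {"record:read", "record:export"},
    "admin":   {"record:read", "record:write", "record:delete"},
}

# ABAC: conditions on user and resource attributes that must also hold
Condition = Callable[[dict, dict], bool]
CONDITIONS: Dict[str, Condition] = {
    "record:read":   lambda u, r: u["department"] == r["department"] or "admin" in u["roles"],
    "record:export": lambda u, r: u["department"] == r["department"]
                                  and r["classification"] != "restricted",
    "record:write":  lambda u, r: u["department"] == r["department"],
    "record:delete": lambda u, r: r["classification"] != "restricted",
}


def decide(user: dict, action: str, resource: dict) -> tuple:
    """Returns (allowed, reason). Allowed only when some role grants the action
    (RBAC) and the attribute condition for that action holds (ABAC)."""
    granted = set().union(*(ROLE_PERMISSIONS.get(role, set()) for role in user["roles"]))
    if action not in granted:
        return False, f"no role of {user['name']} grants {action}"
    condition = CONDITIONS.get(action)
    if condition is None:
        return False, f"no attribute policy defined for {action}"   # unknown action: deny
    if not condition(user, resource):
        return False, f"attribute policy for {action} not satisfied"
    return True, "ok"


def permitted(user: dict, action: str, resource: dict) -> bool:
    return decide(user, action, resource)[0]


# Constructed users and records
ALICE = {"name": "alice", "roles": ["analyst"], "department": "finance"}
BOB = {"name": "bob", "roles": ["admin"], "department": "it"}
GUEST = {"name": "guest", "roles": [], "department": "finance"}
INVOICE = {"id": 1, "department": "finance", "classification": "internal"}
PAYROLL = {"id": 2, "department": "finance", "classification": "restricted"}
```

The reason string is worth keeping: logging it on every denial is what lets a SOC tell an honest misconfiguration from an account probing for what it can reach.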
3. Data encryption
Data encryption converts readable data into ciphertext so that it stays protected at rest and while in transit between trusted parties. Only holders of the appropriate decryption key can recover the original plaintext; to an attacker who captures it without the key, encrypted data is meaningless.
Here are examples of data encryption:
- asymmetric encryption, also called public key encryption; and
- symmetric encryption, also called secret key encryption.
Protecting data at rest involves endpoint encryption, which can be done through file encryption or full disk encryption methods.
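The two families listed above are usually used together: a symmetric cipher protects the data itself, and the asymmetric cipher only transports the symmetric key to the trusted party. The following is an added example, not code from the original article, built on the third-party `cryptography` package (assumption: it is installed). It uses AES-256-GCM for data at rest, which also detects tampering, and RSA-OAEP to wrap the data key for a recipient.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def new_data_key() -> bytes:
    return AESGCM.generate_key(bit_length=256)


def new_keypair() -> rsa.RSAPrivateKey:
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def encrypt_at_rest(plaintext: bytes, key: bytes, aad: bytes = b"") -> bytes:
    """Symmetric: AES-256-GCM gives confidentiality plus an integrity tag.
    A fresh 96-bit nonce per message; reusing one with the same key breaks GCM."""
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, aad)


def decrypt_at_rest(blob: bytes, key: bytes, aad: bytes = b"") -> bytes:
    """Raises InvalidTag if the key, the ciphertext or the associated data differ."""
    nonce, ciphertext = blob[:12], blob[12:]
    return AESGCM(key).decrypt(nonce, ciphertext, aad)


def seal_for(recipient_public: rsa.RSAPublicKey, plaintext: bytes) -> tuple:
    """Hybrid encryption for transit: a random data key encrypts the payload, and
    RSA-OAEP (asymmetric) encrypts only that key for the recipient."""
    data_key = new_data_key()
    return recipient_public.encrypt(data_key, OAEP), encrypt_at_rest(plaintext, data_key)


def open_sealed(recipient_private: rsa.RSAPrivateKey, wrapped_key: bytes, blob: bytes) -> bytes:
    data_key = recipient_private.decrypt(wrapped_key, OAEP)
    return decrypt_at_rest(blob, data_key)


def decryption_fails(blob: bytes, key: bytes, aad: bytes = b"") -> bool:
    """True when GCM refuses the input (wrong key, altered bytes, wrong context)."""
    try:
        decrypt_at_rest(blob, key, aad)
        return False
    except InvalidTag:
        return True


def tampered(blob: bytes) -> bytes:
    """Flip one bit in the ciphertext body, as an attacker or disk fault might."""
    corrupted = bytearray(blob)
    corrupted[-1] ^= 0x01
    return bytes(corrupted)
```

The associated data (`aad`) binds a ciphertext to its context, for instance a customer ID, so that a valid ciphertext cannot be copied into another record. Note that file and full-disk encryption products do the same symmetric work for data at rest; what they add is key management, which is where most real-world failures happen.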
4. Data Masking
Data masking obscures data so that even if criminals exfiltrate it, they cannot make sense of what they stole. Unlike encryption, which transforms data with a cryptographic algorithm and a key, data masking replaces real data with realistic but fake data. Masked data can also be used by the business wherever real data is not required, such as for software testing or user training.
Tokenization is one form of data masking. It replaces a sensitive value with a token, a string that carries no exploitable value on its own and has no mathematical relationship to the original, so it cannot be reversed by an attacker who captures it; the mapping back to the real value is held only in a protected token vault.
Other examples of data masking are:
- data anonymization
- data generalization
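The techniques named in this section, side by side, as an added example that is not code from the original article: static masking of a card number, tokenization through a vault, generalization of an exact age into a band, and an anonymized record suitable for a test environment. The customer record is constructed, and the in-memory vault stands in for what would be a separate, access-controlled store.

```python
import secrets
from typing import Dict


def mask_pan(pan: str, keep: int = 4) -> str:
    """Static masking: everything but the last `keep` digits becomes '*'."""
    digits = pan.replace(" ", "")
    return "*" * (len(digits) - keep) + digits[-keep:]


def generalize_age(age: int, width: int = 10) -> str:
    """Generalization: an exact value becomes a band, e.g. 34 -> '30-39'."""
    low = age - age % width
    return f"{low}-{low + width - 1}"


class TokenVault:
    """Tokenization. Tokens are drawn at random, so a token reveals nothing about
    the value it stands for and cannot be reversed by computation; the mapping
    lives only here, which is why the vault itself needs strict access control."""

    def __init__(self) -> None:
        self._value_of: Dict[str, str] = {}
        self._token_of: Dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        if value in self._token_of:          # same value always gets the same token
            return self._token_of[value]
        while True:                          # same length and character class as the input
            token = "".join(secrets.choice("0123456789") for _ in range(len(value)))
            if token != value and token not in self._value_of:
                break
        self._value_of[token] = value
        self._token_of[value] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._value_of[token]


def anonymize(record: dict, vault: TokenVault) -> dict:
    """Record for a test or training environment: direct identifiers (name, email)
    dropped, card number tokenized and masked, exact age generalized."""
    return {
        "pan_token": vault.tokenize(record["pan"]),
        "pan_masked": mask_pan(record["pan"]),
        "age_band": generalize_age(record["age"]),
        "city": record["city"],   # kept as-is; assumption that city alone is coarse enough
    }


SAMPLE = {  # constructed customer record
    "name": "Ada Example", "email": "ada@example.com",
    "pan": "4111111111111111", "age": 34, "city": "Lyon",
}
```

Format-preserving tokens (same length, all digits) let existing systems and tests keep working on the tokenized data without ever touching a real card number.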
5. Hardware-Based Security
Hardware-based security involves physically protecting a device rather than relying solely on software installed on the hardware. Because attackers target every layer of computing, enterprises need silicon-integrated protections to ensure hardened devices.
Here are examples of hardware-based security:
- hardware firewalls
- proxy servers
- hardware security modules
Hardware-based security often runs in a coprocessor isolated from the main processor, as with Apple's Secure Enclave, which holds cryptographic keys that the main processor cannot read directly.
6. Data Backup and Resilience
Organizations need to save multiple copies of data, especially if they want to perform a full recovery from a data breach or other disaster. With data backups in place, businesses can resume normal business operations faster and with fewer setbacks. To ensure data resiliency, organizations need protections in place to keep backed up data secure and ready to use.
One form of backup protection is keeping isolated copies of backed-up data that cannot be reached or altered from the production network, so that a breach or ransomware incident does not destroy the backups along with the primary data. Organizations should also follow the 3-2-1 backup strategy: at least three copies of the data, on two different types of media, with one copy stored off-site.
Other types of data backup protection include the following:
- cloud backup
- external hard drives
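A backup that is present but corrupt does not count toward 3-2-1, so the rule is best checked together with an integrity check. Here is an added example (not code from the original article) that evaluates a constructed backup inventory: the primary content and the per-copy checksums are made up, and in practice the checksums would come from the backup catalog.

```python
import hashlib
from typing import Dict, List


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_321(primary: bytes, copies: List[dict]) -> Dict[str, object]:
    """Evaluate a backup inventory. A copy only counts if its checksum matches
    the primary; 3-2-1 means at least three copies in total (the primary
    included), on at least two media types, with at least one off-site.
    `isolated` marks copies that cannot be altered from the production network."""
    expected = sha256(primary)
    intact = [c for c in copies if c["sha256"] == expected]
    media = {c["media"] for c in intact} | {"primary"}
    result: Dict[str, object] = {
        "corrupt": [c["name"] for c in copies if c["sha256"] != expected],
        "three_copies": len(intact) + 1 >= 3,
        "two_media": len(media) >= 2,
        "one_offsite": any(c["offsite"] for c in intact),
        "one_isolated": any(c["isolated"] for c in intact),
    }
    result["compliant"] = all(result[k] for k in ("three_copies", "two_media", "one_offsite"))
    return result


PRIMARY = b"customers.db snapshot (constructed contents)"
COPIES = [  # constructed inventory
    {"name": "nas-snapshot", "media": "nas", "offsite": False, "isolated": False,
     "sha256": sha256(PRIMARY)},
    {"name": "cloud-immutable", "media": "object-storage", "offsite": True, "isolated": True,
     "sha256": sha256(PRIMARY)},
    {"name": "usb-drive", "media": "external-hdd", "offsite": True, "isolated": True,
     "sha256": sha256(PRIMARY[:-5])},   # truncated copy: looks like a backup, is not
]
```

Running this on a schedule, rather than discovering the truncated copy during an incident, is what "ready to use" means in practice.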
7. Erasure of data
It is important for organizations to delete data properly and to ensure that deleted data cannot be recovered. Simply deleting a file leaves its contents on the storage medium; data erasure, also known as data destruction, completely overwrites the stored data so that it cannot be recovered.
Organizations must be able to destroy data properly, particularly under regulations such as GDPR, which stipulate that customers can request the erasure of their personal data.
Data erasure methods include the following:
- data wiping
- overwriting
- physical destruction
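What overwriting looks like for a single file, as an added example that is not code from the original article: every byte is replaced with random data, the writes are forced to the device with fsync, and only then is the file unlinked. The pass count is an assumption (a single pass is what NIST SP 800-88 considers sufficient for magnetic disks). The important caveat is that this only works where the filesystem writes new data over the old blocks: on SSDs with wear levelling, on copy-on-write or journaling filesystems, on snapshots and on cloud storage, the old blocks can survive an overwrite, and the drive's own sanitize command, destruction of the encryption key of an encrypted volume, or physical destruction is needed instead.

```python
import os
import tempfile


def overwrite_in_place(path: str, passes: int = 1, chunk: int = 1 << 16) -> int:
    """Overwrite every byte of the file with random data `passes` times and force
    the writes to the device. Returns the file size in bytes."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                f.write(os.urandom(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())   # otherwise the old bytes may still sit on disk behind the cache
    return size


def secure_delete(path: str, passes: int = 1) -> int:
    """Overwrite, then unlink. A plain delete only drops the directory entry and
    leaves the data blocks recoverable until something else reuses them."""
    size = overwrite_in_place(path, passes)
    os.remove(path)
    return size


def demo_erase(passes: int = 1) -> dict:
    """Constructed file with a known sentinel: show the sentinel is gone from the
    file's bytes after the overwrite, and the file is gone after the unlink."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"SECRET-RECORD;" * 500)
    size = overwrite_in_place(path, passes)
    with open(path, "rb") as f:
        sentinel_gone = b"SECRET" not in f.read()
    os.remove(path)
    return {"bytes": size, "sentinel_gone": sentinel_gone, "file_gone": not os.path.exists(path)}
```

On Linux the equivalent one-liner is `shred -u FILE`, whose manual page carries the same warning about journaling and copy-on-write filesystems.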