
What is data security?


On May 25th, 2018, the European Union implemented the GDPR. While most people did not initially understand the policy's aim or role, it has sparked numerous discussions and increased interest in data privacy and security. Lately, every country is rushing towards implementing a data privacy act. But what is this all about? What does it mean to have a data privacy act or law? What does it mean to have data security? Different people have used the terms interchangeably over time. I bet you have too. So, what does each of these terms mean? Let's start with data security.

It is the process of protecting information or data from unauthorized access.

Data security

When discussing data security, the main concern is safeguarding information from unauthorized access. We can say it is the process of protecting information or data from being accessed or reached by people who are not allowed to see it. Take, for example, your private files on bank records, or that text from a friend or a special friend that you don't want anyone but you to read. How do you keep others from reaching or reading it? One option would be to enable password protection on your device to restrict access. Another would be to use secure apps, and a third would be to use secure texting or ghost texting (Telegram has this feature). All of these are examples of data security concepts. The example describes one of the most common everyday activities, and it shows in simple terms how we use data security features in day-to-day life.

Data security at scale entails maintaining the CIA triad: confidentiality, integrity, and availability. There are various methods to enhance data security in a workspace or environment.

Confidentiality refers to measures taken to ensure that unauthorized parties do not breach the privacy of the data or access sensitive data. Who are the wrong people, you ask? Anyone who is not authorized to access certain information is the wrong person; therefore, confidentiality aims to ensure that this person does not access it.

Privacy in data is measured based on the loss or damage that unauthorized access would result in.

There are everyday activities carried out to ensure data confidentiality, such as using an account number instead of the customer's details when handling transactions, using a routing number in online banking, etc. Confidentiality is also ensured through encryption when storing or transmitting data, preventing unauthorized access. On your PC, you have a password that allows only users you trust to access its contents, which is another form of confidentiality feature people implement.

As the value of data or information increases, more people enforce data confidentiality. Two-factor authentication is replacing the simple use of passwords and user IDs. Others include the use of biometric verification, such as fingerprint scans, to gain access to certain information or systems. Reducing the number of times a given piece of information is transmitted or reappears is a feature of data security. Big companies also enhance security by using air-gapped storage that is either accessible only to specific workstations or inaccessible from all systems except one. These are all features of ensuring information confidentiality.

What about information integrity?

Integrity ensures the consistency, trustworthiness, and accuracy of the information throughout its lifetime. It is all about the data not being changed in either transit or storage. However, sometimes we need to change the data, so only authorized personnel may modify it during storage or transit. In storage, data is protected by only granting a defined group of authorized people access while denying others. Permissions are used to protect data from different user groups. I bet you have tried to access or write to a given file and received an error that you cannot edit the file or the folder. This is all to retain the integrity of the data in the file or the folder. User access controls determine who can access what data and how they can interact with it. Other methods of ensuring data integrity include backup redundancies and verification checksums.

Availability entails ensuring that the data can be reached or accessed when needed. However, this only applies to authorized persons. In some instances, challenges in obtaining information from the systems pose a considerable concern for data security. While it is essential to deny access to unauthorized persons, it would be a major failure if access were also unavailable to authorized persons.

Data availability is about ensuring that hardware, operating systems, network connections, and users work efficiently to provide access to authorized information within the organization. Disaster recovery procedures come in handy in this case — in the event of a disaster, there is a high chance that access to the information would be lost. This, therefore, calls for a fast reconnection to the data storage. Ensuring data availability involves redundancy, failover, high-availability clusters, and RAID implementations in the systems. Backups also help ensure that data copies exist to be used whenever previous storage has been compromised or lost in disasters. Security features such as proxy servers and firewalls are installed to protect data availability against actions such as denial-of-service attacks or attacks on the network or systems.

Conclusion

Data security is about safeguarding the data from unauthorized access. It is also about ensuring that the data remains in the correct form and is unchanged if unauthorized people access it, and that it is available when needed. There are different ways of ensuring this, as seen above. Data security is also very different in definition from data privacy.

