Why is data security important?
Data security is the practice of protecting digital information from unauthorized access, corruption, or theft throughout its entire lifecycle. It’s a concept that encompasses every aspect of information security, from the physical security of hardware and storage devices to administrative and access controls, as well as the logical security of software applications. It also includes organizational policies and procedures.

When properly implemented, robust data security strategies will protect an organization’s information assets against cybercriminal activities, but they also guard against insider threats and human error, which remains among the leading causes of data breaches today. Data security involves deploying tools and technologies that enhance the organization’s visibility into where its critical data resides and how it is used. Ideally, these tools should be able to apply protections like encryption, data masking, and redaction of sensitive files, and should automate reporting to streamline audits and adherence to regulatory requirements.

Business challenges

Digital transformation is profoundly altering every aspect of how today’s businesses operate and compete. The sheer volume of data that enterprises create, manipulate, and store is growing, and drives a greater need for data governance. In addition, computing environments are more complex than they once were, routinely spanning the public cloud, the enterprise data center, and numerous edge devices ranging from Internet of Things (IoT) sensors to robots and remote servers. This complexity creates an expanded attack surface that’s more challenging to monitor and secure.

At the same time, consumer awareness of the importance of data privacy is on the rise. Fueled by increasing public demand for data protection initiatives, multiple new privacy regulations have recently been enacted, including Europe’s General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA). These rules join longstanding data security provisions like the Health Insurance Portability and Accountability Act (HIPAA), protecting electronic health records, and the Sarbanes-Oxley Act (SOX), protecting shareholders in public companies from accounting errors and financial fraud. With maximum fines in the millions of dollars, every enterprise has a strong financial incentive to ensure it maintains compliance.

The business value of data has never been greater than it is today. The loss of trade secrets or intellectual property (IP) can impact future innovations and profitability. So, trustworthiness is increasingly important to consumers, with a full 75% reporting that they will not purchase from companies they don’t trust to protect their data.
More on data security
Encryption

Using an algorithm to transform normal text characters into an unreadable format, encryption keys scramble data so that only authorized users can read it. File and database encryption solutions serve as a final line of defense for sensitive volumes by obscuring their contents through encryption or tokenization. Most solutions also include security key management capabilities.

Data Erasure

More secure than standard data wiping, data erasure uses software to completely overwrite data on any storage device. It verifies that the data is unrecoverable.

Data Masking

By masking data, organizations can allow teams to develop applications or train people using real data. It masks personally identifiable information (PII) where necessary so that development can occur in environments that are compliant.

Data Resiliency

Resiliency is determined by how well an organization endures or recovers from any type of failure – from hardware problems to power shortages and other events that affect data availability. Speed of recovery is critical to minimize impact.

Data security capabilities and solutions
Data security tools and technologies should address the growing challenges inherent in securing today’s complex, distributed, hybrid, and/or multicloud computing environments. These include understanding where data resides, keeping track of who has access to it, and blocking high-risk activities and potentially dangerous file movements. Comprehensive data protection solutions that enable enterprises to adopt a centralized approach to monitoring and policy enforcement can simplify the task.

Data discovery and classification tools

Sensitive information can reside in structured and unstructured data repositories including databases, data warehouses, big data platforms, and cloud environments. Data discovery and classification solutions automate the process of identifying sensitive information, as well as assessing and remediating vulnerabilities.

Data and file activity monitoring

File activity monitoring tools analyze data usage patterns, enabling security teams to see who is accessing data, spot anomalies, and identify risks. Dynamic blocking and alerting can also be implemented for abnormal activity patterns.

Vulnerability assessment and risk analysis tools

These solutions ease the process of detecting and mitigating vulnerabilities such as out-of-date software, misconfigurations, or weak passwords, and can also identify data sources at greatest risk of exposure.

Automated compliance reporting

Comprehensive data protection solutions with automated reporting capabilities can provide a centralized repository for enterprise-wide compliance audit trails.
A comprehensive data security strategy incorporates people, processes, and technologies. Establishing appropriate controls and policies is as much a question of organizational culture as it is of deploying the right tool set. This means making information security a priority across all areas of the enterprise.

Physical security of servers and user devices

Regardless of whether your data is stored on-premises, in a corporate data center, or in the public cloud, you need to ensure that facilities are secured against intruders and have adequate fire suppression measures and climate controls in place. A cloud provider will assume responsibility for these protective measures on your behalf.

Access management and controls

The principle of “least-privilege access” should be followed throughout your entire IT environment. This means granting database, network, and administrative account access to as few people as possible, and only those who absolutely need it to get their jobs done.

Application security and patching

All software should be updated to the latest version as soon as possible after patches or new versions are released.

Backups

Maintaining usable, thoroughly tested backup copies of all critical data is a core component of any robust data security strategy. In addition, all backups should be subject to the same physical and logical security controls that govern access to the primary databases and core systems.

Employee education

Training employees in the importance of good security practices and password hygiene and teaching them to recognize social engineering attacks transforms them into a “human firewall” that can play a critical role in safeguarding your data.

Network and endpoint security monitoring and controls

Implementing a comprehensive suite of threat management, detection, and response tools and platforms across your on-premises environment and cloud platforms can mitigate risks and reduce the probability of a breach.

AI

AI amplifies the ability of a data security system because it can process large amounts of data. Cognitive Computing, a subset of AI, performs the same tasks as other AI systems but it does so by simulating human thought processes. In data security, this allows for rapid decision-making in times of critical need.

Multicloud security

The definition of data security has expanded as cloud capabilities grow. Now organizations need more complex solutions as they seek protection for not only data, but applications and proprietary business processes that run across public and private clouds.

Quantum

A revolutionary technology, quantum promises to upend many traditional technologies exponentially. Encryption algorithms will become much more faceted, increasingly complex and much more secure.

How data security and other security facets interact

Achieving enterprise-grade data security

The key to applying an effective data security strategy is adopting a risk-based approach to protecting data across the entire enterprise. Early in the strategy development process, taking business goals and regulatory requirements into account, stakeholders should identify one or two data sources containing the most sensitive information, and begin there. After establishing clear and tight policies to protect these limited sources, they can then extend these best practices across the rest of the enterprise’s digital assets in a prioritized fashion. Implementing automated data monitoring and protection capabilities can make best practices far more readily scalable.

Data security and the cloud

Securing cloud-based infrastructures requires a different approach than the traditional model of situating defenses at the network’s perimeter. It demands comprehensive cloud data discovery and classification tools, plus ongoing activity monitoring and risk management. Cloud monitoring tools can sit between a cloud provider’s database-as-a-service (DBaaS) solution and monitor data in transit or redirect traffic to your existing security platform. This allows for policies to be applied uniformly no matter where the data resides.

Data security and BYOD

The use of personal computers, tablets, and mobile devices in enterprise computing environments is on the rise despite security leaders’ well-founded concerns about the risks that this practice can pose. One way of improving bring your own device (BYOD) security is by requiring employees who use personal devices to install security software to access corporate networks, thus enhancing centralized control over and visibility into data access and movement. Another strategy is to build an enterprise-wide, security-first mindset, encouraging employees to utilize strong passwords, multi-factor authentication, regular software updates, and device backups, along with data encryption by teaching them the value of these actions.
Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyberthreats. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems.
Which of the following ensures that data is accessible to authorized users?
Data availability means that information is accessible to authorized users. It provides an assurance that your system and data can be accessed by authenticated users whenever they're needed.
The basic tenets of information security are confidentiality, integrity and availability. Every element of the information security program must be designed to implement one or more of these principles.
What is a privacy policy designed to guard against?
Misuse or abuse of sensitive data. Privacy policies are meant to govern the access and use of sensitive data for authorized parties.