
24 January, 2022

A Cybersecurity Primer – Part II: Data Security

By: Lotfi Al-Sarori 

In our previous article, we discussed the topic of system security as the first area in our coverage of the various aspects of cybersecurity. In this article, we continue the same topic to go over another essential area of IT security, data security. So, without further ado, let’s get started.

Data Security

Data security encompasses securing data from being altered, whether purposefully or accidentally. Information security practices must protect data against theft, damage, or compromise. There are various angles to consider when discussing data security. Here, let us approach them from two perspectives: the CIA triad and data protection stages.

 

CIA Triad

Information systems must protect data and maintain its confidentiality, integrity, and availability. The CIA triad is the name given to this key security concept, and it is one of the most common security models in information security. Effective security programs should have the CIA triad dimensions (confidentiality, integrity, and availability) among their main goals.
The purpose of applying proven security and control practices is to keep information confidential, preserve its integrity, and make it available for authorized entities to use. Security measures need to make sure the data itself is not compromised and that it is well preserved; that is, they must protect data integrity. In addition, information security should not block accessibility. When authorized people require information, it should be easy to find. Strict security practices should not come at the expense of information availability to authorized users.

Figure 1: The CIA Triad


Data Protection Stages

Data should be secured while stored, utilized, or moved, that is, at rest, in use, or in transit. These are the three main stages of data utilization, which are discussed next.
 

Data At Rest

Securing data at rest requires safeguarding data while it is stored in a datastore, such as a database or file system. This is done by restricting access to the datastore so that only eligible software systems and authorized users, such as database admins, have access to it. Access control was covered in detail in our article about IT security, system security.
 
In addition, in certain cases, data encryption is applied to the stored data as an extra security precaution. However, in large systems with a large amount of data and heavy usage, encrypting stored data may not be a preferred approach. It could slow down the system due to the encryption and decryption process that must be performed every time data is stored or retrieved. Hence, this is only used in very strict environments where the security of stored data is a big concern and the effect on system performance can be tolerated. Otherwise, securing stored data is usually done by restricting and securing access to the datastore itself using advanced access control mechanisms, as discussed.

Data In Use

Protecting data in use can be accomplished by securing the system that utilizes the data. This entails protecting data when users retrieve it from the datastore to view or update it. A software system is used to retrieve the information from the datastore, display it to the user, and then save it back to the datastore when updated. Therefore, securing data in use requires restricting access to the system from which the data can be accessed. This was covered in detail in our previous IT security article about system security.

Data In Transit

Most data breaches happen when data is being used or in transit. Since data may be transmitted over nonsecure media to external systems, over which system admins may not have control, encrypting data in transit is vital. Otherwise, attackers may intercept the transmission and, using basic IT tools, be able to view all that was transmitted.
Encrypting data in transit is a very common and essential security approach. Web-based systems, for example, implement the SSL (Secure Sockets Layer) protocol by utilizing HTTPS (secure HTTP), which uses encryption mechanisms to secure data exchange between senders and receivers.


Figure 2: Data Protection Stages

To Recap …

This was a summarized coverage of the area of data security. We discussed the importance of securing data from being altered, damaged, or compromised. We also covered the CIA triad, that is, keeping data confidential and preserving data integrity while also making data securely available to authorized users. We then discussed securing data during its three main stages: at rest, in use, and in transit.

In our next article in this series, we will discuss another key aspect of cybersecurity, network security.
 
Stay tuned!

Meanwhile, check out the wide range of business systems that ESKADENIA Software offers for telecom, insurance, healthcare, and education as well as general-purpose enterprise systems (i.e., horizontal systems) including software for security, analytics, and Internet solutions.





About ESKADENIA Software

ESKADENIA® Software is a three-time MENA Award Winner & CMMI® level 3 certified company that is active in the design, development and deployment of a range of software products in the Telecom, Insurance, Enterprise, Education, Healthcare, and Internet application areas. The company is based in Jordan and has sales activities in Europe, the Middle East and Africa; more than 85% of its sales are exported to the global market. For more information, visit www.eskadenia.com, or contact us at pr@eskadenia.com.