What Is Data Security?

Data security is important because data carries immense value. A typical business will carry its strategic plans, customer information, competitive analysis, intellectual property, personally identifiable information (PII) and other sensitive information in digital format. If that data is lost or falls into competitors’ hands, the cost to recreate that data would be immense.

Data also carries risk-related costs. If data is breached or otherwise lost, organizations face stiff financial penalties. A major breach severely impacting a business’s ability to operate is already costly, but in addition, businesses also face steep secondary costs that include damage to brand and reputation, loss of customer trust and remediation expenses.

Finally, cybersecurity attacks such as ransomware are omnipresent problems that every business grapples with. Ransomware authors in particular rely on algorithms that encrypt business data and hold it hostage until a ransom is paid, after which the attacker (theoretically) decrypts the data and returns it to the business. Many businesses elect to pay ransoms — some upwards of $4 million — while many others refuse to pay the ransom and instead attempt to recreate the lost data or get by without it. Ignoring a ransomware attack also comes with consequences. The city of Baltimore refused to pay a ransom of about $76,000 to recover encrypted data, electing instead to invest in recovery efforts costing an estimated $18.2 million.

Data security not only prevents financial loss; keeping data safe also empowers organizations to make strategic decisions. Data that is properly secured is more trustworthy because the enterprise is confident that it has not been corrupted or compromised. Secure data also prevents organizations from violating compliance mandates and incurring costly financial penalties. And secure data also provides a critical backbone for the business when it comes to making strategic decisions, such as choices about creating new products or entering new markets.

While data security is related to keeping any type of data safe from attack or corruption, privacy is related to the safeguarding of personally identifiable information and, specifically, the proper usage of that information.

Data privacy and data security can often be independent of each other. For example, data can be fully secured against outsiders, but if it is misused internally by an organization, organizations can be found in violation of privacy mandates, such as the European Union's General Data Protection Regulation (GDPR). Similarly, an enterprise may suffer an attack that compromises its consumer data; which might be a security breach, but not a privacy violation.

That said, security and privacy often go hand in hand. An attack that results in a stolen consumer database containing credit card numbers and personally identifying information is both a security and privacy breach.

A number of tools and technologies should be used in the enterprise to ensure data security, including the following:

• Access management, access controls and authentication: These tools are familiar to most computer users in the form of username and passwords. Biometrics, multi-factor authentication and other forms of user validation are other examples.
• Backup technology: High-quality backups can be the difference between an outright disaster and a minor hiccup in the enterprise. Backups should be stored offsite (and preferably offline) to insulate them from damaging cyberattacks and must be tested regularly to ensure effectiveness.
• Encryption keys and other tools: Essential for any type of sensitive data, data encryption tools conduct data masking using near-impossible ciphers so that even if it is compromised, it is useless to the attacker.
• Physical security: Locks on doors, security systems and other solutions that keep physical hardware protected are essential for any business.

An IT organization must consider and follow best practices to ensure data is kept safe, including:

• Protect the data directly: A strong perimeter security system in the form of multi-level user authentication, firewalls and intrusion detection is necessary and a good start — but the data itself must still be protected to prevent threats from making it through defense systems (including unauthorized access by insider threats). Encryption as well as data loss prevention DLP (McAfee, Symantec, IBM and others have offerings) protecting all data at rest and in flight are crucial.
• Invest in strong data tools and technologies: Security analytics and automation, powered by machine learning, can standardize routine security functions so analysts can turn their attention to bigger problems and more critical threats.
• Ensure regular backups and test them constantly: Backups are critical for protecting data against everything from hard drive failure to ransomware attacks. Backups should be performed at least daily, kept in a different location than where the data resides, and tested regularly to ensure that data is not corrupted. Many of these functions can be conducted via automation.
• Properly dispose of retired media: At one time, hard drives sold on aftermarket sites like eBay would regularly have their original data intact. While that happens less frequently now, physical media that is being retired should be completely encrypted and/or overwritten with multiple passes before being wiped.
• Train users regularly: The principles of strong data security need to become a core part of the enterprise fabric through regular user training. Security procedures should be formally documented and regularly updated. Organizations also need to implement a strong data governance strategy, which is then effectively baked into all employee training.

The cloud has complicated data security for many organizations. While the cloud is not inherently less safe than on-premises data centers, it does present new challenges from a security perspective.

The primary concerns around cloud security are those of observability and visibility. In the data center, an enterprise has a more refined level of control over its documents; a connection to the outside world can be severed by literally “pulling the plug” on the server, and if a hard drive fails, it can be physically replaced. In the cloud, data typically exists in a nebulous ether. Are backups being performed properly? Is security as good as the provider claims? In many cases, the organization simply has to trust that best practices are being followed.

Some security risks are essentially the same in both the cloud and on-premises environments. For example, insiders represent a similar threat whether they are accessing data on-site or online. The enterprise must also work to ensure credentials are managed properly both in the cloud and on premises, and that only authorized users are given access to cloud-based data stores.

Conversely, the cloud has reopened the doors to so-called shadow IT. The ease and low cost of signing up for all manner of cloud services can often lead to an enterprise’s data being scattered across hundreds of sites. As of July 2021, Netskope reported that the typical enterprise (with 500 to 2000 employees) was actively using 805 different cloud services each month, 97% of which were shadow IT apps.

Despite these valid concerns, the cloud can be a perfectly safe place for data to reside, and many services provide training tools to get organizations up to speed quickly. Thus, most practitioners now say they feel the cloud is safer than on-premise alternatives.

Data is a critical component of every enterprise, large or small, making data security a key business function. The threats to enterprise data are greater than ever, and any organization that fails to take measures to keep that data safe from corruption, loss or theft runs the risk of disrupting or halting operations. Data security is as much about culture as it is about specific tools, and attention to both is essential when developing a comprehensive security strategy.

• Fundamentals of Next Generations Security Information and Event Management
• How to Become a Splunk Enterprise Security Champion
• Data, Security and Digital Citizen Services Post Covid-19
• Enhancing Data Security With Splunk and Google Cloud
• Data-Driven Healthcare Security
• Endpoint Security Data Collection Strategy: Splunk UF, uberAgent or Sysmon?
• KPI Management: An Introduction
• What is Financial Crime Risk Management (FCRM)?
• Serverless Functions: A Beginner's Guide
• What is Server Monitoring?
• Introduction to Security Automation