Data security is the discipline of protecting data from theft, deletion and corruption. The practice is increasingly essential due to the considerable value that big data has in the modern enterprise. Whether it’s consumer or financial data, or some form of intellectual property, ensuring data remains secure and intact is now an essential business practice.
Data security incidents are on the rise. In January 2021 alone, more data was compromised by hackers than in the entire year of 2017; 2021 has since broken numerous records when it comes to data breaches. Data is the lifeline of every business today, and if it is lost or stolen, the consequences can be disastrous. A variety of tactics can be used to protect data, but ultimately the enterprise requires a combination of smart business strategies and technological tools to ensure data is kept safe.
In this article, we’ll discuss the increasing importance of data security, key data security regulations, the intersection of security and privacy, and specific methods and security technologies required for protecting data in the enterprise.
Contents
Why is data security important?
What are the biggest data security threats?
What are the benefits of data security?
What is the difference between data privacy and data security?
What are the types of data security for business?
What is data security compliance?
What are the primary data security tactics and best practices?
How is data security affected by the cloud?
What are some enterprise data security solutions?
How do you implement a strong data security strategy?
The Bottom Line: Data security is fundamental to every business
Data security is important because data carries immense value. A typical business will carry its strategic plans, customer information, competitive analysis, intellectual property, personally identifiable information (PII) and other sensitive information in digital format. If that data is lost or falls into competitors’ hands, the cost to recreate that data would be immense.
Data also carries risk-related costs. If data is breached or otherwise lost, organizations face stiff financial penalties. A major breach severely impacting a business’s ability to operate is already costly, but in addition, businesses also face steep secondary costs that include damage to brand and reputation, loss of customer trust and remediation expenses.
Finally, cybersecurity attacks such as ransomware are omnipresent problems that every business grapples with. Ransomware authors in particular rely on algorithms that encrypt business data and hold it hostage until a ransom is paid, after which the attacker (theoretically) decrypts the data and returns it to the business. Many businesses elect to pay ransoms — some upwards of $4 million — while many others refuse to pay the ransom and instead attempt to recreate the lost data or get by without it. Ignoring a ransomware attack also comes with consequences. The city of Baltimore refused to pay a ransom of about $76,000 to recover encrypted data, electing instead to invest in recovery efforts costing an estimated $18.2 million.
Data can be impacted in a number of ways. Here are some of the biggest threats to data security:
The wide range of desktops and mobile devices used in the enterprise expands the attack surface and increases the risk of data loss or theft.
Data security not only prevents financial loss; keeping data safe also empowers organizations to make strategic decisions. Data that is properly secured is more trustworthy because the enterprise is confident that it has not been corrupted or compromised. Secure data also prevents organizations from violating compliance mandates and incurring costly financial penalties. And secure data also provides a critical backbone for the business when it comes to making strategic decisions, such as choices about creating new products or entering new markets.
While data security is related to keeping any type of data safe from attack or corruption, privacy is related to the safeguarding of personally identifiable information and, specifically, the proper usage of that information.
Data privacy and data security can often be independent of each other. For example, data can be fully secured against outsiders, but if it is misused internally by an organization, that organization can be found in violation of privacy mandates, such as the European Union's General Data Protection Regulation (GDPR). Similarly, an enterprise may suffer an attack that compromises its consumer data, which might be a security breach, but not a privacy violation.
That said, security and privacy often go hand in hand. An attack that results in a stolen consumer database containing credit card numbers and personally identifying information is both a security and privacy breach.
A number of tools and technologies should be used in the enterprise to ensure data security, including the following:
Compliance is a broad term that describes the methods by which an organization follows various standards and regulations; data security compliance refers specifically to laws and rules around how data is used and kept secure. Data security compliance is most commonly applicable to customer data, but it can also apply to employee data and other types of business data.
Regulatory compliance, or data security compliance, has become a critical topic in the enterprise as a variety of laws and regulations have recently been enacted in response to years of headline-grabbing privacy violations, data breaches and cyberattacks. Today there are numerous regulations, including GDPR, HIPAA, and others, which are designed to protect consumers from the misuse of their personal data — and to penalize companies that do not take the proper steps to adequately protect it. These regulatory requirements outline the security measures that should be taken during the storage of data, how it can be shared and what to do in the event that it is breached.
Some of the most critical data security compliance rules include:
PCI DSS establishes broad data security standards for businesses processing and storing payment card information
An IT organization must consider and follow best practices to ensure data is kept safe, including:
The cloud has complicated data security for many organizations. While the cloud is not inherently less safe than on-premises data centers, it does present new challenges from a security perspective.
The primary concerns around cloud security are those of observability and visibility. In the data center, an enterprise has a more refined level of control over its documents; a connection to the outside world can be severed by literally “pulling the plug” on the server, and if a hard drive fails, it can be physically replaced. In the cloud, data typically exists in a nebulous ether. Are backups being performed properly? Is security as good as the provider claims? In many cases, the organization simply has to trust that best practices are being followed.
Some security risks are essentially the same in both the cloud and on-premises environments. For example, insiders represent a similar threat whether they are accessing data on-site or online. The enterprise must also work to ensure credentials are managed properly both in the cloud and on premises, and that only authorized users are given access to cloud-based data stores.
Conversely, the cloud has reopened the doors to so-called shadow IT. The ease and low cost of signing up for all manner of cloud services can often lead to an enterprise’s data being scattered across hundreds of sites. As of July 2021, Netskope reported that the typical enterprise (with 500 to 2000 employees) was actively using 805 different cloud services each month, 97% of which were shadow IT apps.
Despite these valid concerns, the cloud can be a perfectly safe place for data to reside, and many services provide training tools to get organizations up to speed quickly. Thus, most practitioners now say they feel the cloud is safer than on-premises alternatives.
Some of the key tools used to secure an organization's data include:
SIEM tools can analyze security incidents in real time, providing visibility into all aspects of the environment.
A strong data security strategy begins with a business case for data protection. Data must be identified (wherever it resides) and risk must be assessed for each dataset to determine where the business prioritizes the allocation of resources and the specific tactics that need to be taken to improve its security. From there, the organization needs to make data security a core part of the corporate culture with consistent user training and reinforcement of security policies. Putting key data security solutions, such as SIEM, encryption and backup, into place and maintaining them appropriately is a critical final step.
Data is a critical component of every enterprise, large or small, making data security a key business function. The threats to enterprise data are greater than ever, and any organization that fails to take measures to keep that data safe from corruption, loss or theft runs the risk of disrupting or halting operations. Data security is as much about culture as it is about specific tools, and attention to both is essential when developing a comprehensive security strategy.