What is data security? Is it similar to computer security? How does one go about securing data? Is data security similar to physical security?
The basic definition of data security is protecting digital data, including those in a network, from malicious attacks and from the undesirable activities of unauthorized users, including a virus, spyware, or a hacker. Some organizations have failed to define data security adequately, resulting in serious consequences. For instance, in April 2009, Verizon Communications was fined $456 million for failing to properly safeguard the private information of its customers.
One key problem with data security is defining it. Many people know the basics: secure data networks, use encrypted data storage, regularly back up data, and so forth. But very few IT managers or executives fully understand the full range of issues that concern organizations today, and even fewer individuals have a deep understanding of how the current marketplace is evolving. In short, people are simply not knowledgeable enough on many aspects of data security to truly manage it. This oversight can result in not only expensive compromise situations but also in unneeded risks to the stability of the cloud.
The first step toward securing data is knowledge of what data security is and what threats are posed by it. The term “data security” can mean different things to different people, depending on their area of expertise. It can mean simply having the best practices for securing data in an organization. Or it can mean installing the latest suite of enterprise-level software and hardware products. More generally, however, this definition applies to a range of activities that involve all elements of an organization’s data communications and information technology infrastructures.
For instance, data security measures might include having password encryption on all systems. Having administrative password keys that only a handful of staff members have access to. Using systems that are regularly updated to minimize the risk of unauthorized access. Making sure that all personnel is trained in how to make use of their administrative password keys and how to change them. Implementing physical security measures such as locks on data doors and other points of access.
Beyond these common examples of data security, there are more complicated issues that can arise from an organization’s data communications and technologies. Chief among these is a threat called “remote control vulnerability.” A hacker can use a remote control device, usually one with a wireless modem, to access data that is stored in an organization’s computer network. An employee with a remote control device who is either intentionally or accidentally visiting the wrong site can open up a breach in data security.
Beyond these more traditional threats, data security is also threatened by more technologically sophisticated external threats. One of these is called “cyber espionage” or “digital subversion.” Cyber espionage attacks include hacking into organizations’ mainframe computers to gather data or to obtain confidential information that can be used to sabotage an organization. Digital subversion is another type of threat, in which a hacker breaks into an organization’s mainframe computer system and uses the information gained to spread viruses throughout the organization or to carry out unauthorized attacks on data and infrastructure.
In an effort to combat these more technologically savvy external threats, many organizations are moving away from relying on costly in-house IT to provide them with adequate data security. The trend that is increasing in popularity is outsourcing an IT function to specialized companies. Outsourcing data security and other functions such as network security to specialized companies can give an organization more economical access to technology. The companies that are best suited to handle the technical requirements of an organization’s data security comprise several groups, including managed services companies that focus on specific sectors; information technology consulting firms that specialize in providing mission-critical networks; and cloud computing companies that build customized software solutions tailored to an organization’s specific needs. Other outsourcing options that are growing in popularity include data visualization vendors who create a visual user interface controls for managing the threat of data theft from web applications and databases; and content management vendors who create online content management systems that provide users with the ability to manage their data in a secured and accessible environment.