The most important aspect of any company's cybersecurity strategy revolves around how to keep enterprise data protected and how to prevent data loss. This includes data at rest, in transit and in use.
Data security technologies come in a variety of forms, including the following:
- authentication and authorization
- data masking
- hardware-based security
- data backup and resilience
- data erasure
Each of these has the same goal: keeping data safe and protected.
What is data security and why is it important?
Data security refers to the practice of protecting data from theft, loss or unauthorized access throughout its lifecycle.
Data breaches are a continuing issue for organizations. A ThoughtLab report found a 15.1% rise in the number of data breaches and cyber attacks in 2021 over 2020. Data breaches not only expose enterprise data, but also open companies up to lawsuits and fines.
Data security practices, policies and technologies are also key to keeping internal users from conducting inappropriate actions with any data.
Data security is important because it helps with the following:
- keep intellectual property safe;
- prevent financial losses;
- maintain customer trust; and
- ensure compliance with several regulatory standards is met.
Types of data security technologies
Data security is paramount because attackers relentlessly look for any and all vulnerabilities to infiltrate corporate networks. To keep data properly protected, enterprises can use the following seven technologies.
This article is part of
A firewall is the initial security layer in a system. It is designed to keep unauthorized sources from accessing enterprise data. A firewall serves as an intermediary between a personal or enterprise network and the public internet. Firewalls use pre-configured rules to inspect all the packets entering and exiting a network and, therefore, help stop malware and other unauthorized traffic from connecting to devices on a network.
Different types of firewalls include the following:
- basic packet-filtering firewalls
- circuit-level gateways
- application-level gateways
- stateful inspection firewalls
- next-generation firewalls
2. Authentication and authorization
Two processes are used to ensure only appropriate users can access enterprise data: authentication and Authorization.
Authentication involves users providing proof that they are who they claim to be. This proof can be providing a secret, such as password or PIN, or biometric authentication. Depending on the authentication scenario, users may be required to provide one or more additional factors when signing in, known as two-factor authentication or multifactor authentication (MFA). Step-up authentication maybe also be required if a user attempts a more restricted action after successfully logging in initially.
Examples of authentication are the following:
- biometric scans
- behavioral scans
Once users have proven their identity, authorization determines whether the user has the appropriate permissions to access and interact with specific data. By authorizing users, they gain permissions within the system to read, edit and write different resources.
Examples of authorization are the following:
- principle of least privilege access
- attribute-based access control
- role-based access control
3. Data encryption
Data encryption converts data into coded ciphertext to keep it secure at rest and while in transit between approved parties. Encrypting data ensures only those who have the proper decryption key can view the data in its original plaintext form. Encrypted data is meaningless if captured by attackers.
Examples of data encryption are the following:
- asymmetric encryption, also known as public key encryption; and
- symmetric encryption, also known as secret key encryption.
Keeping data at rest protected involves endpoint encryption, which can be done via file encryption or full-disk encryption methods.
4. Data masking
Data masking obscures data so that, even if criminals exfiltrate it, they can't make sense of what they stole. Unlike encryption, which uses encryption algorithms to encode data, data masking involves replacing legitimate data with similar but fake data. This data can also be used by the company in scenarios where using real data isn't required, such as for software testing or user training.
Tokenization is an example of data masking. It involves replacing data with a unique string of characters that holds no value and cannot be reverse-engineered should it be captured by bad actors.
Other examples of data masking are the following:
- data deidentification
- data generalization
- data anonymization
5. Hardware-based security
Hardware-based security involves physical protection of a device rather than relying solely on software installed onto the hardware. Because attackers target every IT layer, companies need protections built into the silicon to ensure hardened devices.
Examples of hardware-based security are the following:
- hardware-based firewalls
- proxy servers
- hardware security modules
Hardware-based security often runs isolated alongside the main processor, such as with Apple's Secure Enclave.
6. Data backup and resilience
Organizations should save multiple copies of data, especially if they want to fully recover following a data breach or other disaster. With data backups in place, companies can resume normal business functions faster and with fewer hiccups. To ensure data resilience, organizations need protections in place to keep the backed-up data secure and ready for use.
One example of data backup protection is data vaulting, which creates air-gapped versions of backed-up data. Organizations should also follow a 3-2-1 backup strategy, which results in at least three saved copies of data in different locations.
Other types of data backup protection include the following:
- cloud backup
- external hard drives
- hardware appliances
7. Data erasure
It is important organizations properly delete data and ensure that deleted data is not recoverable. Known as data erasure, this process involves completely overwriting stored data so that it cannot be recovered. Also known as data destruction, data erasure often involves turning data illegible after erasing it.
Organizations must be able to properly destroy data, especially in the wake of regulations such as GDPR, which stipulate customers can request the erasure of their personal data.
Other types of data erasure include the following:
- data wiping
- physical destruction