What is Data Security?
Data Security is the process of protecting files, databases, and accounts on a network by adopting a set of controls, applications, and techniques that identify the relative importance of different datasets, their sensitivity, and their regulatory compliance requirements, and then apply appropriate protections to secure those resources.
Like other approaches such as perimeter security, file security, or user behavioral security, data security is not the be-all and end-all of a security practice. It's one method of evaluating and reducing the risk that comes with storing any kind of data.
Why Data Security?
If the Data Security process is just one of many different ways to structure your organization’s information security systems, what makes it better than competing methods?
Broadly speaking, most other security processes are "user-centric": they focus on questions like:
Is this user allowed to access this data?
Is this person authorized to be on this network?
Is this person abusing system resources?
This focus is great and necessary, but it struggles with many real-world issues, such as large organizations having hundreds or thousands of servers with haphazardly applied permissions, antiquated user groups, and gaps in knowing who is accessing what.
A data-centric security model is a practical way of approaching this from a different direction.
Data vs User Security Models
Imagine a scenario where a user on your customer service team places a spreadsheet containing customer Personally Identifiable Information like Social Security Numbers or other sensitive records onto a globally accessible shared folder.
User-Centric Model: this isn't a problem; everyone has the proper rights to access that file.
Data Security Model: this is a huge problem, as sensitive information is now available to every intern, contractor or "coasting through their two weeks' notice until they take a new job at your biggest competitor" employee with network access.
This scenario makes plain the big dependency of a Data Security approach: data classification.
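The scenario above as an added example, not part of the original page: a scanner that classifies files by content and flags only those that are both sensitive and readable by everyone. It assumes POSIX file permissions, an SSN-shaped regular expression as the only classifier, and constructed sample files; all function and file names are hypothetical.

```python
import os
import re
import stat
import tempfile

# SSN-shaped values; SSA never issues area 000, 666 or 9xx, group 00, serial 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def classify(text):
    """Data classification step: label content by what it contains."""
    return "sensitive-pii" if SSN_RE.search(text) else "unclassified"


def world_readable(path):
    """User-centric view: True means every account may read the file."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def data_centric_findings(root):
    """Data-centric view: report sensitive files that everyone can read."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                label = classify(fh.read())
            if label != "unclassified" and world_readable(path):
                findings.append((name, label))
    return findings


def demo():
    """Build a constructed share: exposed PII, restricted PII, benign file."""
    with tempfile.TemporaryDirectory() as share:
        samples = {  # constructed sample data, not real records
            "customers.csv": ("name,ssn\nJane Roe,123-45-6789\n", 0o644),
            "payroll.csv": ("name,ssn\nJohn Doe,234-56-7890\n", 0o600),
            "lunch_menu.txt": ("Order 000-12-3456 is not an SSN\n", 0o644),
        }
        for name, (body, mode) in samples.items():
            path = os.path.join(share, name)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return data_centric_findings(share)


if __name__ == "__main__":
    print(demo())
```

Only customers.csv is reported: payroll.csv holds the same kind of data but is restricted to its owner, and lunch_menu.txt is world-readable but contains nothing the classifier labels as sensitive.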