Data Security

Introduction

            Increased automation in today’s world has led to major changes in how businesses and organizations operate. The use of computer systems and programs to carry out various tasks results to high volumes of data that is processed and stored for use in day to day running of organizations. The availability, integrity, and quality of data are key aspects in ensuring that all the stored data serves to fulfill its purpose appropriately. Many companies store the sensitive personal information about their customers and employees in files or network. It is necessary to have a reliable security plan that allows the collection of the needed data, keeping it safe, and disposing it securely and meeting the legal obligations to protect the sensitive data. By definition, data security refers to the protective digital privacy measures put in place to prevent any unauthorized access to computer systems, databases, and websites. It also protects data from corruption by malicious people and is an essential tool for IT for different organizations of all sizes and types. Data security also entails information security and computer security that seek to ensure that the stored data is available for use when necessary (Bishop, 2003). 

There are various technologies used in data security that include backups, data masking, authentication, and encryption among others. Encryption makes data, software, and hard drives unreadable to unauthorized users and hackers. Authentication is a common practice on data security where users have to provide a password, code, biometric data, and other forms of data to verify their identity before they gain access to a system. No organization can underestimate the value of data security hence necessary to have strategies that enhance it. Data security protects health care records, financial transactions, genetic material, browsing history, and personal communications. The research paper provides a comprehensive discussion of data security focusing on the involved technologies, its importance, threats, and strategies for enhancing data security.

            Data security and privacy issues are significant challenges to organizations as they strive to meet various critical and complementary issues. Data security seeks to control access to data whereas data privacy defines the access to data by the policies and laws governing privacy. There are guidelines on who ought to view the various types of data in an organization. Data security and privacy are at risk with the growth and proliferation of data from the cloud, analytical work, big data initiatives, and continued incidences of data breaches. As such, it is necessary to understand the sensitive risks to data security and privacy and the processes of analyzing data risk. After identification of the type and level of risk, it is important to take necessary steps and strategies in ensuring that data is safe.        

            The effects and costs of security breaches are common and involve loss of jobs, loss of revenue, and administration nightmares. Data volumes continue to grow, and the reliance on the traditional security strategies is no longer safe for the sensitive data. Attacks continue to be more persistent and sophisticated that makes it easy to breach the traditional security measures. As such, additional safeguards are necessary for the protection of sensitive information. Companies cannot continue to rely on the existing data security methods since new threats and risks are evident quite often. Data security solutions ought to be accessible, un-intrusive, agnostic in deployment and technology as well as adaptable. The solution should manage to access data wherever it is, and data must be protected from corruption. Data security solutions should also be un-intrusive to enable it to work within existing architectures without requiring changes to the existing databases and applications. The solution to data security ought to be deployable to various models and also easy to work with the existing technology. The solution should also be adaptable to handle a wide range of cases.         

Data security technologies

            Data encryption is a technology that makes it difficult for unauthorized users to gain access to data. There are software and hardware based methods of data protection that aim to enhance data security. Software-based solutions protect data from theft by malicious programs and hackers who corrupt the data making it unrecoverable. Hardware-based security methods prevent the read and write access to data and offer strong protection against unauthorized access and tampering. Hardware devices allow users to log in, log out, or set the privilege levels manually. The device can use biometric technology to hinder the malicious users from accessing it. An illegal access by malicious is interrupted due to the state of the user. Hardware-based access control provides better security than that provided by the operating systems since there are vulnerable to malicious attacks by hackers. Data on disks can be corrupted after a malicious person gains access to it. As such, data security is obtained by having a combination of both the hardware-based security as well as securing the system administration policies.

            Backups are useful in ensuring that the lost data can be easily recovered from another source. It is important to keep backups of any data in an organization for use when a disaster falls. Data backups are vital in every successful disaster recovery plan. Organizations back up the data they consider vulnerable in the event that data corruption, hardware failure, malicious hacking, user error, and other unlikely events occur (Zeng, Yu, & Lin, 2011).  Backups ensure that an organization’s practices and technologies used for data security and data replication are up to date. The main goal is to ensure rapid and reliable data retrieval if a needs arise. It is necessary to have frequent backs to data as a major aspect in enhancing data security.

            Data masking of structured data is a process that involves obscuring particular type of data within a database table to ensure that data security is maintained and all the sensitive information is not prone to unauthorized personnel. The process includes masking data from the users, developers, and vendors. A typical example of data masking is the practice where the banking customer representatives see only the last few (4) digits of a card number to enhance customer data security.  

            There is no single data security tool that protects all the existing data against different forms of attack. As a consequence, there exist various technologies that provide a comprehensive security infrastructure to protect against different types of defense in depth attacks. The various safeguards to data security include Internet Protocol security (IPSec), Encrypting File System, and Syskey. Internet Protocol security is a structure for open standards that ensure private and secure communications over IP networks by using cryptographic security services. IPSec offers security to private network and Internet attacks by use of end-to-end security. The sending and the receiving computers are the only ones that ought to know about IPSec. Despite IPSec providing strong data security for the data transmitted on an IP network, it fails to protect the data stored on a disk.

            Encrypting File System (EFS) helps to store data securely. E.F.S is an integrated with the file system making it easy to manage, challenging to attack, and easy to use. The method is appropriate for securing data from vulnerabilities of theft, but can also protect the sensitive data stored on a device. Its design allows it to store data securely on computers but does not support secure transmission of files across a network. IPSec and EFS can be used together to reinforce data security technologies.

            Syskey is a technology that helps to manage a startup key that protects all the system’s keys. Users have a master key used to protect other keys used by applications and services. A start-up is used to decrypt the master key when starting up a system and then used for encryption of all the other private keys on the computer. The private keys are generated automatically and applied to computers in a domain though must be manually configured on other computers. The use of startup key security is increased by storing the key on a removable media or having to input a system startup password (Miller, Long, Freeman & Reed, 2002).

Data security in Cloud computing

            As Sun, Zhang, Xiong, and Zhu (2014) explain, data security has been a significant issue in IT and more serious in cloud computing since data is located in different places across the globe. Data security and privacy protection are the major concerns in cloud computing. The two aspects are becoming more relevant to hardware and software used in cloud technologies. Cloud computing is the next generation aspect in a computation where applications and resources will be delivered over the Internet. It is very promising for IT applications, but there are problems associated with personal use and enterprise use for storing data and applications in the cloud environment. Data security in cloud technology is associated with issues such as compliance, privacy, trust, and legal matters. Data security becomes serious in cloud computing since data is spread out in various machines and storage devices, servers, and wireless networks.

            Cloud computing saves an organization’s time and money, but building trust on the system is crucial since the major asset is data shared in the cloud for use in certain services (Chen, & Zhao, 2012). Trusting the entire system is dependent on the data protection and prevention techniques used. There have been various tools and techniques introduced by researchers for data protection, but there are gaps that require attention to make the systems reliable and effective. The main issues in the cloud are resource security, resource management, and resource monitoring. At present, there are no standard guidelines and regulations on the deployment of applications in the cloud and there lacks standard rules and regulations to apply applications in the cloud. Other inherent issues in data security, governance and management include privacy and helping users to identify the tangible and intangible threats to the use of cloud computing. Several techniques are used in cloud computing through security aspects including data integrity, confidentiality, and availability. Data privacy issues and technologies, as well as methods of enhancing the user's trust by securing data in cloud computing, are crucial aspects of consideration (Sun, Zhang, Xiong & Zhu, 2014).                             

Importance of data security

            Data security is a critical aspect of most businesses and home computer users. It becomes hard to replace client information, payment information, personal files, and bank details when it malicious gains accesses to wrong hands. The data lost to disasters can be replaced through backups, but losing data to hackers and other malware infections have significant consequences. Data security is crucial for businesses since it helps to understand the risks faced and the valued earned when business users and clients trust an organization security controls (Vonnegut, 2016).

            Big firms have access to sensitive data for millions of people, and any data breach makes them potential victims of identity theft. Client information, health information, financial overview details as well as propriety information is hard to replace and dangerous if it falls prey to a hacker. It shows the importance of ensuring data security. According to Symantec security firm estimates, more than 500 million identities were exposed in 2015. The data translates to about 7 % of the world population exposed to hackers (Vonnegut, 2016). The number could be higher since some companies choose not to reveal the extent of the data breaches that occur in their organizations.     

            Data security is crucial for protecting businesses from the loss of credibility and opportunities in business associated with data breaches. Companies report a loss of customers and revenues whenever their data and information files are compromised.

            Most of the corporate information is securely stored in databases with different labels for various types of data. It is necessary to ensure database security since it holds the backbone of an organization’s operation including transactions, customers, employee information, and financial data for the company and the clients. Many database administrators lack adequate security training thereby subjecting the entire company’s information at risk of breach. Organizations can invest a lot of time, finances, and workforce in the attempts of securing the online assets, but the single weak spot could make the entire database be compromised. Some hackers spend a very short duration to get in and out of a database having acquired large chunks of data for malicious use. Hackers seek for databases for financial gain since they threaten the target company of misusing its data unless they part with huge sums of money (Duverge, 2016).

            It is important to ensure data security for enhancing confidentiality, integrity, and availability in a database. The aspects of confidentiality, integrity, and availability form the foundation of information security, database security, and all facets of data security measures. Confidentiality is crucial in database security and is usually managed through encryption both for the data in transit and at rest. Integrity is a significant aspect of database security since it ensures that only the authorized people have the privilege to access company information (Duverge, 2016). Database integrity is ensured by installing user access control system that stipulates the permissions for who can access data and which type. However, data integrity is more than permissions. There are several considerations that enhance database integrity such as authentication protocols, strong passwords, and related policies and safeguarding all the accounts. Availability is the ability for databases to be up to date and reliable for use when needed. Databases should be dependable and functional.    

            Data security is imperative in each organization since it protects the sensitive and confidential information within the organization. In spite of being aware that data security is necessary, most companies are ignorant of the importance of having strong data security. The simple act of having complex passwords and firewall to block unauthorized users is not adequate to prevent hackers from gaining access since they regard the measures as minor setbacks. Data breach statistics reveal that very few of the total breaches are involved in encrypted data which shows that many companies have not invested in strong encryption and others take no precautionary measures (Hoyt, 2012).   

            Data security remains to be a major issue for business and organizations since it drives the business operations. Data loss has become a leading cybersecurity challenge faced by the medium and large businesses. It damages organizations in various ways and is expensive to manage with losses being estimated at approximately USD 200 per incident of the breach and an average of $ 6.8 million for the total breach (Vonnegut, 2016). Natural disasters are known to affect data security since they destroy an organization’s catalogs, websites, inventory of products, and the mailing list useful for communicating to the clients. The need to have an appropriate and reliable data security is crucial since such disasters cannot be controlled, but data can be restored after they occur.     

Causes of Data security threats

            Most of the data breaches that occur in organizations can be avoided by understanding the process of attack. A major cause of the threats is external intrusions where third parties gain access to company’s information centers. Traditionally, the perpetrator used to gain access to a system via intrusion which formed the basis of hacking. External intrusions occur when a third party gains user credentials, hacks personal devices using the organizational network and finds gaps in the security application.

            Employees have in the past participated in data breaches through malicious or accidental actions. An example is the use of phishing that makes employees share their details with a hacker. Employees ought to be educated on the dangers of phishing to prevent the embarrassments associated with security breaches (Bohli, Gruschka, Jensen, Iacono & Marnau, 2013). Company insiders are a threat to data security when they are unsatisfied, moving to a different company, and if they have financial challenges. Security breaches planned by company employees are successful since they have privileges in the access to data and information centers.

            Stolen and lost devices and documents are considerate causes of security breaches. Some of the incidents happen accidentally, but others are planned in advance by hackers with a motive of acquiring sensitive data. Hackers find it easy to steal devices than hack a database when employees expose their devices when out of office that increases the risk (Duverge, 2016). Such breaches affect small organizations whose features and data protection systems are stored in single databases. The exposure of company data to hackers and other interested parties is detrimental to the attempts of securing its information centers since it is liable for compromise.

            Hackers also use social engineering and fraud to gain access to information since it contributes significantly to breaches. Social engineering entails coercing an individual to hand over their credentials and use them to access a system. It is not a common data breach but has been used in situations where hackers acquire the credentials of a vendor to access a target system. They later install malware that steals every detail of the credit card number used at the facility. It would be necessary to have two-factor identification and proper training to employees to prevent social engineering attacks, though it is challenging to detect it.

            Data security works with strong preventative policies to backing up the technology. The discussed data security measures are effective, but there can also be other strategies that ensure that the technologies used in data security are free from malicious use. Among them is keeping up with patches. In a research by HP in 2014, it was discovered that a third of emerging hacking tools used windows exploitation that was patched in 2010. A patch had already been released, but many users had not updated their patches thereby subjecting them to vulnerabilities in security breaches. Patches prevent hacks from being executed, but companies have many computers in their network that makes it challenging to have latest patches to all. It is necessary to keep track of patches as required by computers to enhance data protection measures (Duverge, 2016).

            Large populations of average American homes have laptops, smartphones, tablets and other devices connected to the internet that subjects them to a risk of many avenues for a hacker to enter. Many companies are not certain of the number of computers they have and other devices connected to their network. It makes such devices easy for targeting and several of the high-profile hacks occur in the instances where hackers realize that devices connected to a network lack proper protections. Hackers capitalize on the gaps in an organization’s security protections to gain entry to the sensitive data. As such, it is needful that companies have guidelines on the use of personal devices in accessing corporate information to reduce the chances of breaches (Li, Lou & Ren, 2010).

Threats to data security

            There are various threats to an organization’s data security and information system, hence necessary to have broad approaches to data security protection. Data security programs help to ensure adequate protection of the sensitive data despite all networks being vulnerable to cyber security threats. Several threats to data security have been identified and discussed. Many organization lacks established security architecture in place that leaves their networks susceptible to exploitation and loss of personal related information. The lack of resources and qualified IT professionals make the users connect to the internet directly with default configurations on board and without an additional layer of protection. The use of firewall in isolation is not a sufficient method of ensuring the safety of the network which results to increased vulnerability of data, software, and hardware to malware, viruses, and hacking. It is necessary to ensure that the installed anti-virus software is configured appropriately to safeguard the stored data.

            Computers that run on various software applications, including their older versions are likely to have vulnerabilities used by malicious subjects. It is necessary to keep updated with software and upgrades as well as applying manufacturer recommended patches to minimize vulnerabilities. A robust patch management program can be utilized to identify the vulnerable software applications and update them regularly. Malicious individuals and hackers target individuals and organizations through the use of phishing and targeted attacks that seek to gain access to personal information through emails having malicious code. Any attempt to open infected emails tends to compromise the user’s machine and could lose sensitive data to the hacker. Vulnerability to Phishing and email security scams can be reduced by installing professional enterprise-level-email security software. The software checks all the incoming and outgoing messages to ensure that spam messages do not compromise the system. Some malicious codes are transferred to computer systems through browsing web pages without security updates. Browsing the internet and opening unsecured websites could result in having malicious software installed on an organization’s computer thereby compromising the stored data files.

            Poor configuration management makes computers vulnerable to attack as long as they are connected to a network. The use of weak data security protection methods fails to restrict machines from connecting to vulnerable networks (Rao & Selvamani, 2015). It is important to have policies that guide connections of hardware to a network. The use of mobile devices such as laptops and smartphones is uncontrolled, and the ability to secure them lags behind. The situation is complex since the devices are often used to perform other tasks away from the regular security boundaries of an organization. Data breaches are common in various ways including loss of devices, theft, or compromise of security by malicious code. Data security can be enhanced by encrypting all data on the mobile devices that store sensitive information. User authentication and anti-malware solutions are available for the mobile devices, but it is necessary to implement strict mobile device user policy and also monitor the network for any malicious activity (Hoyt, 2012). The delegation of the bulk of data to protection services such as the third party changes the enterprise security architecture. The use of cloud computing involves the storage of large amounts of data in shared resources thereby raising issues with data encryption and availability. The provider faces challenges in data security and responsibilities similar to the organization owning the data. The use of removable media in the form of flash drives, compact drives, and external hard drives pose a security threat to an organization. The lack of reliable protection makes the media systems a pathway for malware to move from one host to another. It is necessary to follow proper security measures to avoid compromising the data security of the existing organizational data.             

Key threats

            Hacking and data breaches are the common types of insecurities affecting data, but not the only methods. Ransomware has become a more commonplace of attack. As reported by Kaspersky, Ransomware is a malware that restricts access to computer, devices or files until the user pays certain ransom value. It is an illegal way of making money that is easily installed through malicious links to email messages or website. The motivation behind cyber attacks such as cyber crime, cyber espionage, and cyber warfare are major threats to data security.

            Other than threats to data security from the technical realm, data security can be compromised from within an organization. Employees are prone to errors where data is lost accidentally through deleting or overwriting files. Most of the data breaches are associated with staff error, and some dishonest employees sell their corporate credentials and authentication details to hackers for financial gains. Employees also share their login information used in corporate applications with other members of their departments thereby increasing the potential that passwords sold are not their own (Li, Lou & Ren, 2010).

            The risks associated with data vary from one organization to another by the type of information and its relevance to the company operations. Company plans, finances, and employee information are crucial for day to day running, hence ought to be protected from threats. A significant data security threat is SQL injections to databases. They are initiated by a database or a web application acting as a front-end to a database. The occurrence of SQL injection flaws in web applications is common and easy to exploit. SQL injection occurs when placed in before execution in a database, or web application is hosting the database. The attacker's device a malicious input that allows them to gain access to the sensitive data, give them enhanced privileges, and exploits. They can access the databases, and the operating system commands used by the database which is detrimental to the organization’s data security (Subashini & Kavitha, 2011). Many organizations have large databases that hackers like to tamper with; hence staying secure is necessary to prevent the costly incidents. Database administrators ought to scan their databases regularly to ensure that they prevent unnecessary costs associated with hacking and security breaches.

            Buffer overflow vulnerabilities are also common security problems for the data stored in company databases. Such vulnerabilities arise when a program attempts to copy high data volumes in a memory buffer that cause the buffer to overflow and overwrite the data existing in the memory. Buffer overflow vulnerabilities pose a significant threat to databases having sensitive information. They allow attackers to take advantage of the vulnerability to set unknown values to known values and also mess up with the logic of the program.

            Denial of service (DoS) attacks occur quite often trough buffer overflows, data corruption and other types of consumption to the server's resources (Srivatsa & Liu, 2004). The attacks tend to crash the server and render it unreachable as long as the attack is sustained. Other threats occur in the form of privilege escalation and weak authentication. Privilege escalation is a serious threat that results in the malicious modification, deletion, or addition of data. If the data affected is sensitive to the organization, it can cause havoc to the entire functional operations. Weak authentication affects data security and integrity. Ill-motive persons steal the identity of a user and use it to gain access to confidential data that pose risks to the organization’s data and database security.   

Strategies for enhancing data security

            Data Protection Acts and other data security laws help to ensure that personal data is accessible to only the people concerned and provides solutions to individuals if certain issues arise. The importance of data security has increased due to increased cases of security breaches and the adoption of data protection regime called the General Data Protection Regulation. Companies are required to report all incidents involving data security within 24 hours and punishments to data breaches is fines of percentages of company’s annual turnover. Regarding fines and penalties related to data breaches, the size of data matters and not the size of the company. 

            Comprehensive data security starts with an overall strategy and risk assessment. It helps to identify human error involving mistaken data processing, disposal or input errors. It is necessary to install conscious privacy ethics in an organization to address and prevent future data breach incidents (Hoyt, 2012). New employees ought to undergo induction on data security measures before using the organization technological systems. There is also need for maintaining proper device hygiene as well as antivirus software across the organization to fill any existing gaps to data security.

            It is important to protect databases for confidentiality, integrity, and availability by taking several measures related to data security. Database administrators should understand the business value and the relevance of ensuring that all the data is secured and providing the necessary resources to implement it. SQL injections can be prevented by the use of parameterized queries that keep malicious queries away from the database. Static Code Analysis is also important for organizations developing applications used as portals to a database to slash SQL injection, buffer overflow, and misconfiguration issues.  It is also necessary to maintain CIA by keeping the databases updated, removing unknown components, enforcing the least privilege parameters and ensuring confidentiality, integrity, and availability of the databases.

            The maintenance of availability can be through installing an uninterruptible power supply that ensures that forced shutdown does not lead to loss of data. Features and services should only be kept to what is essential for the company to operate smoothly with databases. An organization that has many features and services pose a threat for hackers to poke holes and gain access to a database. Data masking can also be effective in enhancing data security as it involves allowing users to access information without viewing it.      

            Policies form the basis of data security processes. They define how organizations conduct security implementation within the organization, and the policies need not be complex. They only require having specific details and address the major security issues specific to the organization. It is necessary to have a set of procedures and guidelines to ensure that the organization adheres to correct implementation of data security in the organization. Procedures should have specific details to ensure that new and unfamiliar people in an organization can follow procedures and complete implementation (Von Schomberg, 2011).

            Encryption should not be taken at stake since it is a critical component of data security. Strong encryption assures that it is unbreakable since hackers can exploit any existing loopholes in encryption. Companies ought to invest in strong encryption systems to safeguard the private and confidential data. Most of the data hackers are due to a lack of strong and reliable encryption measures. When a company has data encryption features, hackers who gain access to data can do nothing with it. The secret is to have encryption at all levels. Companies should also build a culture that upholds security to their existing data. The need to build a strong security culture is crucial in the organization since it determines the sustainability of the organization in information risk. A security culture can be created through having security training programs, educating employees on the necessity of data security as well as supporting security training for the security and IT staff. The strategies help to foster a positive security culture where every employee is involved and understands the importance of reliable data security within the organization. Data security specialists ought to understand that having data security is not adequate, but a strong one enhanced by encryption. The goal is to protect the sensitive data and to ensure that the organization is aware of the potential hacking and cyber criminal activities (Rao & Selvamani, 2015).

             The choice of the right data center is critical to ensuring data security. A secure and remote storage option is crucial and the choice of the provider of the data center ought to be SSAE 16 compliant. For processing payment information such as using credit cards, it is necessary to ensure that the data center is PCI compliant. PCI standards are useful in addressing high-profile security breaches. The data center should build and maintain a secure data network, protect the card bearer, and maintain vulnerability control program. Adhering to PCI entails the implementation of a strong access-control measure, regular monitoring, and testing networks, maintaining information security policy, and ensuring that hard data is also secure. Many organizations have secure online backups, secure network communications, and servers are kept in secure environments. However, other types of data lie unsecured through technology strategies, and no one takes measures to secure it. Organizations have filing cabinets that hold organizational history for several decades which is sensitive information to their functioning. The occurrences like fire or floods are likely to lead to data loss and are also challenging to reconstruct. Most of the technology methods neglect the important source of information since it is not easy to search for the relevant data found in them. Most of the data in the filing cabinets are crucial for an organization’s day-to-day operations, hence necessary to have effective information technology and data security measures account for all data and change the unstructured data into structured (Bohli, Gruschka, Jensen, Iacono & Marnau, 2013). The method makes it easier to include all data and information files in the overall information technology strategy.    

            Corporate data security and privacy are important since the magnitude of information processed and kept by companies continues to increase. Technological advances render companies to more access to data about their clients and customers and have to assess that data security and privacy are a priority.

Conclusion

            The research paper provides a comprehensive discussion on data security. From research, it is confirmed that data security is a crucial aspect in IT management since it ensures that all the business functions involving data operate smoothly. The various aspects of data security discussed are technologies involved, the importance of data security, threats to data security, causes of the threats and the strategies for enhancing data security. Various technologies can be used to enhance data protection measures as discussed with the aim of sealing loopholes in data security. Data security is important because it ensures that the existing organizational data follows the principles of integrity, availability, and confidentiality. It also helps to understand the associated risks and methods of safeguarding against them. Companies that invest heavily in data security are less prone to security breaches planned and executed by malicious people. Most of the threats to data security can be prevented by having effective policies and data protection measures such as encryption, choosing a reliable data center and training users on data security. The common threats identified in the research include denial of service, Buffer overflow vulnerabilities, weak authentication, hacking, data breaches, and insider plans. It is crucial to ensure effective remedies for data security to ensure that companies are protected against unnecessary breaches.   

References

Bishop, M. (2003). What is computer security? IEEE Security & Privacy, 99(1), 67-69.

Bohli, J. M., Gruschka, N., Jensen, M., Iacono, L. L., & Marnau, N. (2013). Security and privacy-enhancing multi-cloud architectures: IEEE Transactions on Dependable and Secure Computing, 10(4), 212-224.

Chen, D., & Zhao, H. (2012) Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651) IEEE

Sherry Roberts is the author of this paper. A senior editor at MeldaResearch.Com in best custom research papers if you need a similar paper you can place your order from nursing paper writing service.