What Is Data Security?

Data security is both a legal requirement and a matter of trust between companies and their clients.

Data security and the CIA triad

Data security is the process of protecting digital data from deliberate or accidental damage, corruption, dissemination or destruction. It relies on three core elements, called the CIA triad: confidentiality, integrity, and availability. In short, this means that data entrusted to an organisation should only be accessed by authorised personnel, that it should be reliable and unfalsified, and that it must be accessible when needed. If any one of these conditions is not met, data security is breached.

Ensuring data security

There are different types of data security controls, each corresponding to one or more elements of the CIA triad. Authentication verifies users’ credentials; regular data backups ensure that no data can be lost for good; encryption (in software or in hardware) renders the data unreadable to anyone who does not hold the key; data masking hides the data behind proxy characters; tokenization replaces the data with random substitute characters, so it cannot be reversed by an algorithm; and erasure permanently gets rid of sensitive data that has become irrelevant. These controls are part of an overall data security strategy: companies must know where their sensitive data is, continuously monitor it and equip themselves with a plan for data governance.
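The difference between masking, tokenization and erasure is easiest to see side by side. The following is an added example, not part of the original page; `mask`, `TokenVault` and `demo` are hypothetical names, the card number is a constructed sample, and the in-memory dictionaries stand in for what would be a separately secured token store.

```python
import secrets
import string

def mask(value, visible=4, proxy="*"):
    """Data masking: show only the last `visible` characters."""
    visible = max(visible, 0)
    # Values too short to leave anything hidden are masked completely.
    hidden = len(value) - visible if len(value) > visible else len(value)
    return proxy * hidden + value[hidden:]

class TokenVault:
    """Tokenization: random tokens; the mapping exists only in the vault."""

    def __init__(self):
        self._by_token = {}
        self._by_value = {}

    def tokenize(self, value):
        if not value:
            raise ValueError("cannot tokenize an empty value")
        if value in self._by_value:       # same value, same token
            return self._by_value[value]
        while True:                       # retry on collision
            # Random digits of the same length; nothing is derived from value.
            token = "".join(secrets.choice(string.digits) for _ in value)
            if token != value and token not in self._by_token:
                break
        self._by_token[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, token):
        return self._by_token[token]      # KeyError if unknown or erased

    def erase(self, token):
        """Erasure: once the mapping is gone the token resolves to nothing."""
        del self._by_value[self._by_token.pop(token)]

def demo():
    card = "4111111111111111"             # constructed sample value
    vault = TokenVault()
    token = vault.tokenize(card)
    out = {"masked": mask(card), "token": token, "recovered": vault.detokenize(token)}
    vault.erase(token)
    try:
        vault.detokenize(token)
        out["after_erase"] = "still resolvable"
    except KeyError:
        out["after_erase"] = "unresolvable"
    return out
```

A masked value cannot be turned back into the original at all, while a token can be resolved only by whoever has access to the vault, which is why the vault itself needs the authentication and backup controls described above.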

Why data security matters

Protecting data from unauthorised access, cyberattacks and breaches is both a legal and moral obligation for any organisation. On top of domestic laws, there are international frameworks regulating data security.

In the EU, the General Data Protection Regulation (GDPR) of 2018 holds companies accountable for their handling of personal data. International standards ISO/IEC 27001:2013 and ISO/IEC 27002:2013 establish that all data should be owned, so it is clear who bears the responsibility of protecting it.

After major security breaches at Facebook, Twitter and MyHeritage, and in the wake of the Cambridge Analytica scandal, data security has also become a central matter of trust between companies and their customers. In short, not protecting your users’ data is a losing game.

