What is data security?

Why is data security important?

Data security is the practice of protecting digital information from unauthorized access, corruption or theft throughout its entire lifecycle. It’s a concept that encompasses every aspect of information security from the physical security of hardware and storage devices to administrative and access controls, as well as the logical security of software applications. It also includes organizational policies and procedures.

When properly implemented, robust data security strategies will not only protect an organization’s information assets against cybercriminal activities, but they'll also guard against insider threats and human error, which remain among the leading causes of data breaches today. Data security involves deploying tools and technologies that enhance the organization’s visibility into where its critical data resides and how it is used. Ideally, these tools should be able to apply protections such as?encryption, data masking and redaction of sensitive files, and should automate reporting to streamline audits and adhering to regulatory requirements.

Business challenges

Digital transformation?is profoundly altering every aspect of how today’s businesses operate and compete. The sheer volume of data that enterprises create, manipulate and store continues to grow, driving a greater need for data governance. In addition, computing environments are more complex than they once were, routinely spanning the public cloud, the enterprise data center and numerous edge devices ranging from Internet of Things (IoT) sensors to robots and remote servers. This complexity creates an expanded attack surface that’s more challenging to monitor and secure.

At the same time, consumer awareness of the importance of data privacy is on the rise. Fueled by increasing public demand for data protection initiatives, multiple new privacy regulations have recently been enacted, including Europe’s General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA). These rules join longstanding data security provisions such as the Health Insurance Portability and Accountability Act (HIPAA), protecting electronic health records, and the Sarbanes-Oxley Act (SOX), protecting shareholders in public companies from accounting errors and financial fraud.?The need for data compliance (PDF, 888 KB)?is magnified by maximum fines in the millions of dollars. Every enterprise has a strong financial incentive to ensure it maintains compliance.

The business value of data has never been greater than it is today. The loss of trade secrets or intellectual property (IP) can impact future innovations and profitability. So, trustworthiness is increasingly important to consumers, with a full 75% reporting that they will not purchase from companies they don’t trust to protect their data.??

Thought leadership

Data security as business accelerator?

Data security can give companies a competitive edge. In partnership with AWS, we shine the spotlight on this unsung hero.

Related content

• Subscribe to the IBM newsletter

Types of data security

Encryption

Using an algorithm to transform normal text characters into an unreadable format, encryption keys scramble data so that only authorized users can read it.?File and database encryption solutions?serve as a final line of defense for sensitive volumes by obscuring their contents through encryption or tokenization. Most solutions also include security key management capabilities.

Data erasure

More secure than standard data wiping, data erasure uses software to completely overwrite data on any storage device. It verifies that the data is unrecoverable.

?

Data masking

By masking data, organizations can allow teams to develop applications or train people using real data. It masks personally identifiable information (PII) where necessary so that development can occur in environments that are compliant.

Data resiliency

Resiliency is determined by how well an organization endures or recovers from any type of failure—from hardware problems to power shortages and other events that affect?data availability (PDF, 256 KB). Speed of recovery is critical to minimize impact.

Data security capabilities and solutions

Data security tools and technologies should address the growing challenges inherent in securing today’s complex, distributed, hybrid, and/or multicloud computing environments. These include understanding where data resides, keeping track of who has access to it, and blocking high-risk activities and potentially dangerous file movements. Comprehensive data protection solutions that enable enterprises to adopt a centralized approach to monitoring and policy enforcement can simplify the task.

Data discovery and classification tools

Sensitive information can reside in structured and unstructured data repositories including databases, data warehouses, big data platforms, and cloud environments.?Data discovery and classification solutions?automate the process of identifying sensitive information, as well as assessing and remediating vulnerabilities.

Data and file activity monitoring

File activity monitoring?tools analyze data usage patterns, enabling security teams to see who is accessing data, spot anomalies, and identify risks. Dynamic blocking and alerting can also be implemented for abnormal activity patterns.

Vulnerability assessment and risk analysis tools

These solutions ease the process of?detecting and mitigating vulnerabilities?such as out-of-date software, misconfigurations, or weak passwords, and can also identify data sources at greatest risk of exposure.

Automated compliance reporting

Comprehensive data protection solutions with?automated reporting capabilities?can provide a centralized repository for enterprise-wide compliance audit trails.

Data security strategies

A comprehensive data security strategy incorporates people, processes, and technologies. Establishing appropriate controls and policies is as much a question of organizational culture as it is of deploying the right tool set. This means making information security a priority across all areas of the enterprise.

Physical security of servers and user devices

Regardless of whether your data is stored on-premises, in a corporate data center, or in the public cloud, you need to ensure that facilities are secured against intruders and have adequate fire suppression measures and climate controls in place. A cloud provider will assume responsibility for these protective measures on your behalf.

Access management and controls

The principle of “least-privilege access” should be followed throughout your entire IT environment. This means granting database, network, and administrative account access to as few people as possible, and only those who absolutely need it to get their jobs done.

Application security and patching

All software should be updated to the latest version as soon as possible after patches or new versions are released.

Backups

Maintaining usable, thoroughly tested backup copies of all critical data is a core component of any robust data security strategy. In addition, all backups should be subject to the same physical and logical security controls that govern access to the primary databases and core systems.

Employee education

Training employees in the importance of good security practices and password hygiene and teaching them to recognize social engineering attacks transforms them into a “human firewall” that can play a critical role in safeguarding your data.

Network and endpoint security monitoring and controls

Implementing a comprehensive suite of threat management, detection, and response tools and platforms across your on-premises environment and cloud platforms can mitigate risks and reduce the probability of a breach.

Data security trends

AI

AI amplifies the ability of a data security system because it can process large amounts of data. Cognitive computing, a subset of AI, performs the same tasks as other AI systems but it does so by simulating human thought processes. In data security, this allows for rapid decision-making in times of critical need.

?

Multicloud security

The definition of data security has expanded as cloud capabilities grow. Now organizations need more complex solutions as they seek protection for not only data, but applications and proprietary business processes that run across public and private clouds.

Quantum

A revolutionary technology, quantum promises to upend many traditional technologies exponentially. Encryption algorithms will become much more faceted, increasingly complex and much more secure.