The evolution and innovation of digital technology along with the rising trend of mobile devices in recent years back dropped the growing need of information security and dramatic change in data management pattern. Security is one of the predominant factors in all sectors of communication. The way we communicate regardless of business or consumer class shaped the entire landscape of security. From personal computer to mobile device, from personal email to corporate documents, it added a whole new dimension to communication and addressed the necessity of enhancing information security.
In this fast, ever-changing, always-connected society, security is not just to protect us from vulnerabilities and attacks. It is also to protect the businesses and tools when we store or exchange sensitive data using various devices. Government sector, financial sector, telecommunication sector, service or retail sector—all these different sectors must implement the underlying digital security aspects in order to deliver its intended digital services without compromising or risking any data.
The CIA (Confidentiality—Integrity—Availability) triad addresses the core principles at the heart of the digital security.
First and foremost is Confidentiality which refers to preventing the disclosure of information to unauthorized individuals or systems, while making sure that the right entities get it. In that regard, it is roughly equivalent to privacy. Various measures ranging from training the relevant people about security risk, data protection to adopting technological means can be taken to ensure this. Such technological means cover authentication by data encryption through various cryptographic mechanisms, like DES, 3DES, AES, and so on. The security of these mechanisms relies on the length of the key used for data protection. Authentication is to make sure that data coming from and received by the entities who are intended for it. Once used, authentication mechanism should ensure any non-repudiation either by sender or receiving entity. Most common user authentication includes two-factor authentication (2FA), biometric verification, smartcard-based authentication using digital certificate along with tokens (both hardware and software). The digital certificate leverages Public Key Infrastructure (PKI)—a framework to ensure information security. It is world’s most generic, most scalable and most interoperable security technology that provides digital identities (certificates) for different users and devices of information and communication systems. Users can use their digital identities for all the security triad protection, such as authentication, digital signature and encryption of cryptographic key.
Data integrity means maintaining and assuring the accuracy, consistency and trustworthiness of data over its entire lifecycle so that data cannot be modified in an unauthorized or undetected manner in transit and reaches the receiver in pristine form as intended by the sender. Certain measures of various depth, for example, encryption, hashing, cryptographic checksums, version control, file permission, user access control are taken into consideration to ensure the integrity of the data. In addition, data alteration may also occur due to non-human-caused events like electromagnetic pulse (EMP) or server crash. To prevent that, backup and redundancy should be available which brings the next point.
Availability ensures that the data is always accessible to those who need it. It is best implemented through rigorous hardware management that includes but may not be limited to high-availability (HA) cluster, redundancy, failover, RAID, disaster recovery (DR), and so forth. Besides hardware, the software and operating system environment should also be properly maintained by regular security patch updates. Providing adequate communication bandwidth and preventing the occurrence of bottlenecks are equally important. Backup should be enforced as a safeguard against data loss caused by unpredictable events. This can be achieved by storing the data in a geographically isolated region, preferably in a different tectonic plate. As extra caution, the physical protection, like fireproof, waterproof, etc. can be considered. Extra security equipment or software such as firewalls and proxy servers can guard against downtime and unreachable data due to malicious actions such as distributed denial-of-service (DDoS) attacks and network intrusions.
For any digital service to become successful and secure, a combination of above data security principles should be designed and used properly. Making the consumers feel safe to avail the services is of utmost priority for any service provider. The underlying design should be considered carefully, the implementation should be robust and updating the security attributes regularly must be maintained. In the end, the cost of security implementation is far less than the cost incurred from any security breach afterwards.
