Data and Device Security
What is data security?
Data security involves deploying tools and technologies that enhance the organization’s visibility
into the location of its critical data and its usage. Ideally, these tools should be able to apply
protections such as encryption, data masking and redaction of sensitive files, and should
automate reporting to streamline audits and adherence to regulatory requirements.
Business challenges
Digital transformation is profoundly altering how businesses operate and compete today.
Enterprises are creating, manipulating and storing an ever-increasing amount of data, driving a
greater need for data governance. Computing environments have also become more complex,
routinely spanning the public cloud, the enterprise data center and numerous edge devices such
as Internet of Things (IoT) sensors, robots and remote servers. This complexity increases the risk
of cyberattacks, making it harder to monitor and secure these systems.
At the same time, consumer awareness of the importance of data privacy is on the rise. Public
demand for data protection initiatives has led to the enactment of multiple new privacy
regulations, including Europe’s General Data Protection Regulation (GDPR) and the California
Consumer Protection Act (CCPA). These rules join longstanding data security laws such as the
Health Insurance Portability and Accountability Act (HIPAA), protecting electronic health
records, and the Sarbanes-Oxley Act (SOX), protecting public company shareholders from
accounting errors and financial fraud. Maximum fines in the millions of dollars magnify the need
for data compliance; every enterprise has a strong financial incentive to ensure it maintains
compliance.
The business value of data has never been greater than it is today. The loss of trade secrets or
intellectual property (IP) can impact future innovations and profitability, so trustworthiness is
increasingly important to consumers.
1. Encryption
2. Data erasure
3. Data masking
4. Data resiliency
Encryption
By using an algorithm to transform normal text characters into an unreadable format, encryption
keys scramble data so that only authorized users can read it. File and database encryption
software serves as a final line of defense for sensitive volumes by obscuring their contents
through encryption or tokenization. Most encryption tools also include security key management
capabilities.
Data erasure
Data erasure uses software to completely overwrite data on any storage device, making it more
secure than standard data wiping. It verifies that the data is unrecoverable.
Data masking
By masking data, organizations can allow teams to develop applications or train people using
real data. It masks personally identifiable information (PII) where necessary so that development
can occur in environments that are compliant.
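The following is an added example, not part of the original page: one way to mask PII columns before a data set is copied into a development environment, using a keyed HMAC so the same input always yields the same mask and joins across tables still line up. The key, column names and sample rows are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import re

# Constructed key for the example; in practice it lives in a secrets manager
# and never ships to the development environment.
MASKING_KEY = b"example-only-masking-key"

def _digest(value: str, field: str) -> bytes:
    """Keyed, field-scoped digest: same input gives the same mask, so joins still work."""
    return hmac.new(MASKING_KEY, f"{field}:{value}".encode(), hashlib.sha256).digest()

def mask_email(email: str) -> str:
    """Replace the mailbox with a pseudonym and move the domain to example.com."""
    return "user_" + _digest(email.strip().lower(), "email").hex()[:10] + "@example.com"

def mask_digits(value: str, field: str, keep_last: int = 0) -> str:
    """Swap each digit for a keyed pseudo-random digit, keeping separators and length."""
    stream = _digest(re.sub(r"\D", "", value), field)
    total = sum(c.isdigit() for c in value)
    out, seen = [], 0
    for ch in value:
        if ch.isdigit():
            seen += 1
            keep = seen > total - keep_last  # leave the trailing digits readable
            out.append(ch if keep else str(stream[seen % len(stream)] % 10))
        else:
            out.append(ch)
    return "".join(out)

def mask_record(row: dict) -> dict:
    """Mask the PII columns of one row; non-sensitive columns pass through."""
    masked = dict(row)
    masked["email"] = mask_email(row["email"])
    masked["ssn"] = mask_digits(row["ssn"], "ssn")
    masked["card"] = mask_digits(row["card"], "card", keep_last=4)
    return masked

# Constructed sample rows (not real people or card numbers).
ROWS = [
    {"id": 1, "email": "Alice@corp.test", "ssn": "123-45-6789", "card": "4111 1111 1111 1111", "plan": "gold"},
    {"id": 2, "email": "alice@corp.test", "ssn": "987-65-4321", "card": "5500 0000 0000 0004", "plan": "free"},
]

if __name__ == "__main__":
    for r in ROWS:
        print(mask_record(r))
```

Because the mask is deterministic, low-entropy fields such as SSNs can be recovered by brute force if the key leaks, so the key needs the same protection as the source data.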
Data resiliency
Resiliency depends on how well an organization endures or recovers from any type of failure—
from hardware problems to power shortages and other events that affect data availability. Speed
of recovery is critical to minimize impact.
Data security capabilities and tools
Data security tools and technologies should address the growing challenges inherent in securing
today’s complex, distributed, hybrid or multicloud computing environments. These include
understanding the storage locations of data, tracking who has access to it, and blocking high-risk
activities and potentially dangerous file movements.
Comprehensive data protection tools that enable enterprises to adopt a centralized approach to
monitoring and policy enforcement can simplify the task. These tools include:
1. Data discovery and classification tools
2. Data and file activity monitoring
3. Vulnerability assessment and risk analysis tools
4. Automated compliance reporting
Data discovery and classification tools
Data discovery and classification tools actively locate sensitive information within structured and
unstructured data repositories, including databases, data warehouses, big data platforms and
cloud environments. This software automates the identification of sensitive information and the
assessment and remediation of vulnerabilities.
Data and file activity monitoring
File activity monitoring tools analyze data usage patterns, enabling security teams to see who is
accessing data, spot anomalies, and identify risks. Security teams can also implement dynamic
blocking and alerting for abnormal activity patterns.
Vulnerability assessment and risk analysis tools
These tools ease the process of detecting and mitigating vulnerabilities such as out-of-date
software, misconfigurations or weak passwords, and can also identify data sources at greatest
risk of exposure.
You might store your data on premises, in a corporate data center or in the public cloud.
Regardless, you need to secure your facilities against intruders and have adequate fire
suppression measures and climate controls in place. A cloud provider assumes responsibility for
these protective measures on your behalf.
Access management and controls
Follow the principle of “least-privilege access” throughout your entire IT environment. This
means granting database, network and administrative account access to as few people as
possible, and only to individuals who absolutely need it to get their jobs done.
Update all software to the latest version as soon as possible after patches or new versions are
released.
Backups
Maintaining usable, thoroughly tested backup copies of all critical data is a core component of
any robust data security strategy. In addition, all backups should be subject to the same physical
and logical security controls that govern access to the primary databases and core systems.
Transform your employees into “human firewalls”. Teaching them the importance of good
security practices and password hygiene and training them to recognize social engineering
attacks can be vital in safeguarding your data.
In the changing landscape of data security, new developments such as AI, multicloud security
and quantum computing are influencing protection strategies, aiming to improve defense against
threats.
AI
AI amplifies the ability of a data security system because it can process large amounts of data.
Cognitive computing, a subset of AI, runs the same tasks as other AI systems but it does so by
simulating human thought processes. In data security, this simulation allows for rapid decision-
making in times of critical need.
The key to applying an effective data security strategy is adopting a risk-based approach to
protecting data across the entire enterprise. Early in the strategy development process, taking
business goals and regulatory requirements into account, stakeholders should identify one or two
data sources containing the most sensitive information, and begin there.
After establishing clear and tight policies to protect these limited sources, they can then extend
these best practices across the rest of the enterprise’s digital assets in a prioritized
fashion. Implementing automated data monitoring and protection capabilities can make best
practices far more readily scalable.