Data Security
All data practitioners need to understand data security. It is good if you can learn about security in general, but at the very least you need to understand data security.
Data security is about protecting data from four things: unauthorised access, data corruption, data theft and data loss.
Data privacy is different: it is about user rights, i.e. how data is collected, used and shared.
Components of data security:
- Entry point
- Access control
- Authentication
- Encryption
- Data masking
- Logging & Monitoring
- Auditing
- Backup
- Recovery
Why is data security important?
- Maintain availability
- Maintain integrity
- Protect personal data
- Protect business data
- Comply with regulations
- Reduce risk of cyber threat
- Reduce risk of insider attack
- Reduce risk of human error
At any time one of your employees could accidentally delete some data, or corrupt it by updating it to the wrong values, whether by mistake or deliberately. A trusted employee could also turn malicious and steal company data (customer data, financial data, employee data or intellectual property), for ransom or to sell it.
And the consequences are catastrophic. Your company could go bankrupt because no one would do business with you. Add to that regulatory fines, legal costs, remediation expenses, lost revenue and reputational damage. For some companies, intellectual property is everything: losing the IP means losing the competitive advantage, and that means losing the business.
On top of that, investors could lose confidence in your company and no longer be willing to invest or lend money, which means they avoid your shares and bonds and the share price collapses. That in turn would trigger a mass exodus of employees, including the board of directors, because their bonuses and incentives are linked to the share price. If the shares are worthless they no longer get any incentives or rewards.
So protecting your data from your own employees is incredibly important for the survival of your business.
You also need to protect against attacks from people outside your company: cyber criminals, terrorist groups, corporate spies and government-backed groups. They can cause the same severe corporate damage described above, plus ransomware payments, fraudulent transfers and theft of funds.
Now that we are aware of the risks and consequences, let’s learn how to protect our data.
1. Entry Point
Let’s start with Entry Point, which is like a door to our company. Every entry point to our corporate network must be tightly monitored and controlled. The set of entry points is called the “network perimeter”. The best practice is not to funnel everything through one entry point, but to have a small number of well-defined entry points, each tailored to its purpose, e.g. a VPN for remote users, an API gateway for external apps, a DMZ for public-facing services, and to have no others. Apply the “zero trust principle”: every access request must be verified, regardless of origin.
How do we protect Entry Points?
- Perimeter Firewall: Define strict inbound and outbound rules. Block unused ports and protocols.
- VPN Gateways: Use strong encryption (IPsec or TLS), enforce MFA, and monitor for anomalies.
- Web Application Firewall (WAF): Protect public facing apps from injection, XSS, and other exploits.
- Intrusion Detection/Prevention (IDS/IPS): Monitor traffic for suspicious patterns and block known threats.
- Endpoint Security: Ensure devices connecting to the network meet security standards (patches, antivirus, etc).
- Access Control Lists (ACL): Limit access by IP, user role or device type.
- Network Segmentation: Isolate critical systems so lateral movement is restricted if breached.
- Continuous Monitoring: Use SIEM tools to log, analyse, and alert on unusual activity.
2. Access Control
Access control is about deciding who gets in, what they can do, and how long they stay.
There are 5 basic principles of access control:
- Authentication: Verify identity e.g. passwords, biometrics, MFA.
- Authorisation: Define what authenticated users are allowed to do.
- Least privilege: Grant only the minimum access necessary for a role.
- Segregation of duties: Split the responsibilities to reduce risk of misuse.
- Observability: Log and monitor the access events for traceability and audit.
The best practices for access control:
- Use RBAC (Role Based Access Control) to assign permissions to job roles, not to individuals. This simplifies access management and aligns it with the organisational structure.
- Enforce MFA (Multi Factor Authentication) to add a second layer beyond passwords. This is especially critical for admin accounts and remote access.
- Implement ABAC (Attribute Based Access Control), i.e. use dynamic attributes like department, location and device type to refine access decisions. This suits complex environments like cloud or hybrid setups.
- Do regular access reviews to periodically audit who has access to what. Remove dormant accounts and outdated privileges.
- Centralise identity management, i.e. use an IAM (Identity and Access Management) platform to streamline provisioning and policy enforcement.
- Adopt a Zero Trust model, i.e. assume no user or device is trustworthy by default. Continuously verify and validate access requests.
- Maintain detailed audit logs to track access attempts, changes and anomalies. This is crucial for forensic investigations and compliance.
Common issues with access control are overprivileged accounts, password fatigue and shadow IT. Password fatigue leads to weak or reused credentials. Shadow IT is the use of unmonitored tools and platforms which bypass access controls.
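Here is what those principles look like in code: RBAC with permissions attached to roles, least privilege falling out of small role sets, a segregation-of-duties check that refuses a conflicting role, and an audit entry for every allow and deny decision. This is an added example, not code from the original article; the role matrix, the conflict pair and the user names are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed role matrix: permissions belong to roles, never to people.
# In production this would be loaded from the IAM platform, not hard-coded.
ROLE_PERMISSIONS = {
    "analyst":           {"customers:read", "orders:read"},
    "data_engineer":     {"customers:read", "customers:write", "orders:read", "orders:write"},
    "payments_clerk":    {"payments:create"},
    "payments_approver": {"payments:approve"},
}

# Segregation of duties: one person must never hold both roles of a pair,
# otherwise they could create and approve their own payment.
SOD_CONFLICTS = [frozenset({"payments_clerk", "payments_approver"})]


class AccessDenied(Exception):
    pass


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


def assign_role(user: User, role: str) -> None:
    """Grant a role, refusing any assignment that would break segregation of duties."""
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role {role!r}")
    for pair in SOD_CONFLICTS:
        if role in pair and (pair - {role}) & user.roles:
            raise AccessDenied(f"{user.name}: {role} conflicts with {sorted(pair - {role})}")
    user.roles.add(role)


def permissions_for(user: User) -> set:
    """Effective permissions are the union of the user's roles; least privilege
    follows from keeping each role's permission set minimal."""
    return set().union(*(ROLE_PERMISSIONS[r] for r in user.roles))


def check_access(user: User, permission: str, audit_log: list) -> bool:
    """Authorisation decision. Every decision, allow or deny, is appended to the
    audit log so the access trail can be reconstructed later."""
    allowed = permission in permissions_for(user)
    audit_log.append({
        "at": datetime.now(timezone.utc).isoformat(),
        "user": user.name,
        "permission": permission,
        "decision": "allow" if allowed else "deny",
    })
    return allowed


if __name__ == "__main__":
    audit = []
    alice = User("alice")
    assign_role(alice, "analyst")
    print(check_access(alice, "customers:read", audit))   # True
    print(check_access(alice, "customers:write", audit))  # False: analyst is read-only
    bob = User("bob")
    assign_role(bob, "payments_clerk")
    try:
        assign_role(bob, "payments_approver")  # refused: SoD conflict
    except AccessDenied as e:
        print("refused:", e)
    for entry in audit:
        print(entry)
```

Note that the deny is logged as deliberately as the allow: a run of denies against the same permission is often the first visible sign of a compromised account probing for what it can reach.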
3. Authentication
Authentication is about “Are you really who you say you are?”. Authentication is the most important thing in data security: without it, every other control is built on sand, because access decisions are being made about an identity nobody has verified.
There are several mechanisms for authentication:
- Passwords: Basic but vulnerable; often used together with other methods.
- Multi Factor (MFA): Combines two or more factors, e.g. a password plus a one-time code. SMS codes are the weakest second factor (they can be intercepted via SIM swapping); prefer an authenticator app or a hardware key.
- Biometrics: Fingerprints, facial recognition (harder to spoof, but cannot be changed if leaked).
- Tokens/Smart Cards: Physical or digital keys for secure access.
- OpenID Connect/SAML: Federated identity protocols for single sign-on across platforms. (OAuth 2.0 on its own is an authorisation framework; OpenID Connect adds the identity layer on top of it.)
The best practices for authentication are:
- Context aware i.e. adjust based on device, location, and behavior.
- Integrated with IAM i.e. centralised identity management to streamline control.
- Auditable i.e. every access event should be traceable to a verified identity.
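Password plus authenticator-app code is the combination most data teams actually deploy, so here is a self-contained version of both factors done properly: a salted, memory-hard scrypt hash for the password, an RFC 6238 TOTP for the second factor, and constant-time comparisons throughout. This is an added example, not code from the original article; the user record layout, the `login` function and the scrypt cost parameters are illustrative choices, and the TOTP secret in the test is the RFC 6238 reference vector, not a real one.

```python
import hashlib
import hmac
import os
import struct

# Cost parameters are an assumption; tune n upwards as hardware allows.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)


def hash_password(password: str) -> dict:
    """Store a random salt and a slow, memory-hard hash, never the password itself."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return {"salt": salt, "hash": digest}


# Used when the username does not exist, so the work done (and hence the
# response time) is the same whether or not the account is real.
DUMMY_RECORD = {**hash_password(os.urandom(16).hex()), "totp_secret": b"\x00" * 20}


def verify_password(password: str, record: dict) -> bool:
    digest = hashlib.scrypt(password.encode(), salt=record["salt"], **SCRYPT_PARAMS)
    return hmac.compare_digest(digest, record["hash"])  # constant-time compare


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, the variant common authenticator apps use."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10**digits).zfill(digits)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current 30 s step and one step either side, to tolerate clock drift."""
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, unix_time + drift * 30), code):
            return True
    return False


def login(users: dict, username: str, password: str, code: str, unix_time: int) -> bool:
    """Both factors must pass. The password hash is always computed, even for an
    unknown user, so timing does not reveal which usernames exist."""
    record = users.get(username, DUMMY_RECORD)
    password_ok = verify_password(password, record)
    return username in users and password_ok and verify_totp(record["totp_secret"], code, unix_time)


if __name__ == "__main__":
    import time
    users = {"alice": {**hash_password("correct horse battery staple"), "totp_secret": os.urandom(20)}}
    now = int(time.time())
    code = totp(users["alice"]["totp_secret"], now)  # what alice's authenticator app shows
    print(login(users, "alice", "correct horse battery staple", code, now))  # True
    print(login(users, "alice", "wrong password", code, now))                # False
    print(login(users, "alice", "correct horse battery staple", "000000", now))  # False
```

The drift window is the edge case worth noticing: a code is valid for up to 90 seconds, not 30, so a code captured by phishing must also be rate-limited and, ideally, rejected on reuse within the window.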
4. Encryption
Encryption is important in data security because it prevents unauthorised access to sensitive data even if the data is intercepted or stolen. This matters hugely in the event of a cyber attack: even if the attackers manage to steal encrypted data from our data store, they cannot read it without the decryption key. Which means the key must be protected at least as well as the data: stored separately from it (e.g. in a key management service or HSM), never alongside the encrypted copy.
Encryption on its own does not tell you whether the data has been tampered with during transmission or storage; for that you add a MAC (Message Authentication Code), or use an authenticated encryption mode that includes one. A MAC is a cryptographic checksum computed from a secret key and the data. When data is received or retrieved, the MAC is recalculated and compared with the stored one. If the MACs match, the data is intact; if not, it has been tampered with (or the wrong key was used).
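The following added example (not from the original article) shows the encrypt-then-MAC structure just described, using only the Python standard library: separate keys for confidentiality and integrity derived from one master key, a fresh nonce per message, a tag over nonce plus ciphertext, and a decrypt that verifies the tag before touching the ciphertext. The keystream is HMAC-SHA256 run in counter mode, which is an illustration of the construction, not a production cipher; in real systems you would call a vetted AEAD such as AES-GCM or ChaCha20-Poly1305 from a maintained library, which does all of this in one call. The key, message and `tamper` helper are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(master_key: bytes) -> tuple:
    """One key for confidentiality and a different one for integrity."""
    enc_key = hmac.new(master_key, b"encryption", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"authentication", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a pseudo-random keystream. Illustrative only:
    production code uses a vetted AEAD (AES-GCM, ChaCha20-Poly1305) instead."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(master_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    enc_key, mac_key = derive_keys(master_key)
    nonce = os.urandom(NONCE_LEN)  # fresh per message; reusing one leaks plaintext XOR
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(master_key: bytes, blob: bytes) -> bytes:
    """Verify the MAC first; nothing is decrypted unless the tag matches."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    enc_key, mac_key = derive_keys(master_key)
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("MAC mismatch: data was tampered with or the key is wrong")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def tamper(blob: bytes, index: int) -> bytes:
    """Flip one bit of the stored blob, as a failing disk or an attacker might."""
    b = bytearray(blob)
    b[index] ^= 0x01
    return bytes(b)


if __name__ == "__main__":
    key = os.urandom(32)
    stored = encrypt(key, b"account=12345678;balance=100")
    print(decrypt(key, stored))
    try:
        decrypt(key, tamper(stored, NONCE_LEN + 20))  # corrupt a ciphertext byte
    except ValueError as e:
        print("rejected:", e)
```

The point of the `tamper` call: with a stream cipher and no tag, flipping a ciphertext bit flips the same plaintext bit and the data "decrypts successfully" with a changed balance. The MAC check is what turns that silent corruption into a refused message.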
5. Data masking
Data masking transforms the sensitive information in the original data (names, credit card numbers, medical records) into a masked version that looks real but is functionally meaningless. This makes it useless to unauthorised users, while preserving the structure and utility of the original dataset.
For example:
- John Smith is turned into Alan Turner (called substitution).
- 123-45-6789 (a US SSN) is turned into XXX-XX-6789 (called partial redaction: only the last four digits are kept).
- john.smith@email.com is changed to user123@masked.com.
- +44 7911 123456 (a UK mobile number) is changed to +44 7000 000000 (44 is the UK country code and all UK mobile numbers start with 7, so the masked value still looks like a UK mobile).
- Diagnosis: Diabetes is changed to Diagnosis: Condition A (called generalisation).
- DOB: 12/03/1980 is changed to a nearby date such as 28/02/1980 (called date shifting: the real date is moved by a per-record offset, so ages stay roughly realistic). Replacing every date with the same placeholder such as 01/01/1970 is redaction, not shifting.
- Bank Account: 00-11-22 12345678 is changed to XX-XX-XX XXXXXX78.
The reason for doing data masking is so that developers, analysts and testers can work with realistic data without risk. If the masked data is leaked, it’s useless to attackers.
The second reason is to comply with regulations like GDPR, HIPAA and PCI DSS by safeguarding PII. Data masking prevents exposure of personal, financial or proprietary information.
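The masking rules listed above, implemented as one small library: an added example, not code from the original article. It goes slightly beyond the list in one respect a practitioner cares about: substitution and date shifting are driven by a keyed hash, so the same real value always masks to the same fake value (joins between masked tables still work) while nobody without the key can reverse or predict the mapping. The masking key, the name lists and the sample record are constructed for the demonstration.

```python
import hashlib
import hmac
import re
from datetime import date, timedelta

# Constructed: the key lives only with the masking job, never with the
# consumers of masked data. Rotate it and keep it out of source control.
MASK_KEY = b"example-masking-key-not-for-real-use"

FIRST_NAMES = ["Alan", "Grace", "Ada", "Linus", "Mary", "Ken"]
LAST_NAMES = ["Turner", "Hopper", "Lovelace", "Brooks", "Wallace", "Ritchie"]

SAMPLE_RECORD = {  # constructed, not a real person
    "name": "John Smith",
    "ssn": "123-45-6789",
    "email": "john.smith@email.com",
    "mobile": "+44 7911 123456",
    "diagnosis": "Diabetes",
    "dob": date(1980, 3, 12),
    "account": "00-11-22 12345678",
}


def _bucket(value: str, modulus: int) -> int:
    """Keyed hash of the real value, reduced to a bucket. Deterministic per key,
    unpredictable without it."""
    digest = hmac.new(MASK_KEY, value.encode(), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % modulus


def mask_name(name: str) -> str:
    """Substitution: a realistic-looking name chosen from a list."""
    first = FIRST_NAMES[_bucket("first|" + name, len(FIRST_NAMES))]
    last = LAST_NAMES[_bucket("last|" + name, len(LAST_NAMES))]
    return f"{first} {last}"


def mask_ssn(ssn: str) -> str:
    """Partial redaction: keep only the last four digits."""
    if not re.fullmatch(r"\d{3}-\d{2}-\d{4}", ssn):
        raise ValueError("unexpected SSN format")
    return "XXX-XX-" + ssn[-4:]


def mask_email(email: str) -> str:
    return f"user{_bucket(email, 10**6):06d}@masked.com"


def mask_uk_mobile(number: str) -> str:
    """Keep the country code and the leading 7 that mark a UK mobile; zero the rest."""
    digits = re.sub(r"\D", "", number)
    if not (digits.startswith("447") and len(digits) == 12):
        raise ValueError("not a UK mobile number")
    return "+44 7000 000000"


def mask_diagnosis(diagnosis: str, codebook: dict) -> str:
    """Generalisation: each distinct diagnosis becomes 'Condition A', 'B', ...
    The codebook is shared across the dataset so one condition maps consistently."""
    if diagnosis not in codebook:
        n = len(codebook)
        codebook[diagnosis] = "Condition " + (chr(ord("A") + n) if n < 26 else str(n + 1))
    return codebook[diagnosis]


def mask_dob(dob: date, max_shift_days: int = 180) -> date:
    """Date shifting: move the real date by a per-record offset within
    +/- max_shift_days, so the age distribution stays roughly realistic."""
    shift = _bucket("dob|" + dob.isoformat(), 2 * max_shift_days + 1) - max_shift_days
    return dob + timedelta(days=shift)


def mask_bank_account(account: str) -> str:
    """Sort code fully redacted; the account number keeps its last two digits."""
    if not re.fullmatch(r"\d{2}-\d{2}-\d{2} \d{8}", account):
        raise ValueError("unexpected account format")
    return "XX-XX-XX XXXXXX" + account[-2:]


def mask_record(record: dict, codebook: dict) -> dict:
    return {
        "name": mask_name(record["name"]),
        "ssn": mask_ssn(record["ssn"]),
        "email": mask_email(record["email"]),
        "mobile": mask_uk_mobile(record["mobile"]),
        "diagnosis": mask_diagnosis(record["diagnosis"], codebook),
        "dob": mask_dob(record["dob"]),
        "account": mask_bank_account(record["account"]),
    }


if __name__ == "__main__":
    for k, v in mask_record(SAMPLE_RECORD, {}).items():
        print(f"{k:10} {SAMPLE_RECORD[k]!s:25} -> {v}")
```

One caveat the code makes visible: the format checks raise rather than pass unrecognised values through, because a masking job that silently copies an unexpected column format is exactly how real PII ends up in the test environment.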
6. Logging and Monitoring
Logging and monitoring are the eyes and ears of your data security infrastructure. They don’t just record what happens; they help you understand why, when, and how it happened.
Logging is the systematic recording of events that occur within your IT environment. These events can include:
- User logins and access attempts
- File modifications or deletions
- System errors and crashes
- Network traffic patterns
- Application behavior
Logs are typically stored in centralised repositories and used for audit trails, forensic analysis, and compliance reporting.
Monitoring involves the real-time observation and analysis of logs and system activity to detect anomalies, threats or performance issues. It’s proactive and often automated using tools like:
- SIEM (Security Information and Event Management) platforms
- Intrusion Detection Systems (IDS)
- User Behavior Analytics (UBA)
Monitoring helps security teams respond quickly to incidents and prevent escalation.
Logging & monitoring are very important in data security because:
- They enable us to identify suspicious behavior, malware or unauthorised access attempts.
- In the event of a breach or incident, they enable us to understand what happened quickly and to contain it.
- They are required by the regulations like GDPR, HIPAA and PCI-DSS.
- They are useful for forensic analysis i.e. they help reconstruct events post-incident to understand root causes.
- They validate that access control and security policies are being followed.
- They reveal system health, performance issues and usage patterns.
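Monitoring only pays off when someone has written the detection logic, so here is the kind of rule a SIEM or a simple log-processing job would run over authentication logs: flag a burst of failed logins from one source, and flag the more serious case of a successful login from that source while the burst is still in the window. This is an added example, not from the original article; the log format and the sample lines are constructed, and the thresholds are assumptions to be tuned to your environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed log format; adapt the regex to the real source (syslog, CloudTrail, ...).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample: one source hammers alice's account and then gets in;
# carol simply mistypes once. The last line is deliberately malformed.
SAMPLE_LOG = """
2025-03-01T09:00:00Z auth user=bob src=10.0.0.5 result=OK
2025-03-01T09:10:00Z auth user=alice src=203.0.113.7 result=FAIL
2025-03-01T09:10:05Z auth user=alice src=203.0.113.7 result=FAIL
2025-03-01T09:10:11Z auth user=alice src=203.0.113.7 result=FAIL
2025-03-01T09:10:16Z auth user=alice src=203.0.113.7 result=FAIL
2025-03-01T09:10:22Z auth user=alice src=203.0.113.7 result=FAIL
2025-03-01T09:10:40Z auth user=alice src=203.0.113.7 result=OK
2025-03-01T09:30:00Z auth user=carol src=10.0.0.9 result=FAIL
2025-03-01T09:30:20Z auth user=carol src=10.0.0.9 result=OK
this line is not in the expected format
""".strip().splitlines()


def parse(line: str):
    """Return a dict for a well-formed line, None otherwise."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    return ev


def detect(lines, threshold: int = 5, window_s: int = 60) -> list:
    """Rule 1: >= threshold failures from one source within window_s seconds.
    Rule 2: a successful login from that source while the burst is still inside
    the window, i.e. the guessing worked. Unparseable lines are counted, not
    dropped, because silently discarded lines are how evidence goes missing."""
    alerts = []
    recent_failures = defaultdict(deque)  # src -> timestamps of recent failures
    unparsed = 0
    for line in lines:
        ev = parse(line)
        if ev is None:
            unparsed += 1
            continue
        q = recent_failures[ev["src"]]
        while q and (ev["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()  # slide the window
        if ev["result"] == "FAIL":
            q.append(ev["ts"])
            if len(q) == threshold:  # fire once when the burst crosses the line
                alerts.append({"type": "brute_force", "src": ev["src"], "at": ev["ts"].isoformat()})
        elif len(q) >= threshold:
            alerts.append({"type": "success_after_burst", "src": ev["src"],
                           "user": ev["user"], "at": ev["ts"].isoformat()})
    if unparsed:
        alerts.append({"type": "unparsed_lines", "count": unparsed})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The second rule is the one to page someone for: a burst of failures is noise on any internet-facing system, but a success at the end of it means an account is now in the wrong hands and the containment clock has started.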
7. Auditing
Auditing is a systematic evaluation of the data security policies, controls, and practices in your company. During audit we review the following:
- Access logs and user activity
- Encryption and authentication mechanisms
- Data handling procedures
- Compliance with internal and external regulations
Audits can be internal (conducted by your own company) or external (performed by third-party experts), and they often result in a formal report with findings and recommendations.
Auditing is very important in data security because:
- It identifies gaps in security controls before the attackers do.
- It ensures that your company is following the laws, e.g. GDPR and HIPAA.
- It improves response plans by revealing weaknesses in logging and monitoring.
- It confirms that access control, encryption and backup policies are enforced.
- It demonstrates accountability to clients, regulators and stakeholders.
- It helps allocate resources to the most critical threats.
8. Backup
Backup is the safety net of data security. It ensures that even if everything else fails, your data is not lost. In today’s threat landscape, where ransomware, hardware failures and human error are all too common, backup is a necessity, not just a precaution.
Backup is very important in data security because:
- It safeguards against accidental deletion, corruption or hardware failure.
- It allows you to restore data without paying a ransom, neutralising extortion.
- It minimises downtime and ensures operations can resume quickly.
- It enables recovery from natural disasters, power outages or system crashes.
- It meets legal requirements for data retention and recoverability.
In the EU, Digital Operational Resilience Act (DORA) takes effect from 17th January 2025. All companies in financial services need to implement comprehensive ICT risk management frameworks, conduct incident management processes, perform regular testing of their systems, and ensure their third-party ICT providers are compliant and secure. Non-compliance can result in significant fines.
In the UK, since 31st March 2025 financial services companies need to comply with operational resilience policy. Financial services companies must identify important services, set disruption tolerances, and map their systems to ensure continuity, supported by ongoing testing and investment.
9. Recovery
Recovery in data security is the process of restoring lost, corrupted or compromised data and systems to a functional state after an incident, whether it is a cyber attack, hardware failure, human error or natural disaster. It is the final safety net that ensures business continuity when all other defences have failed.
During recovery we need to:
- Bring back files, databases or configurations from backups.
- Restart infrastructure, applications or services.
- Follow a coordinated plan to resume operations after major disruptions.
Two objectives define what “recovered” means, and they should be agreed with the business before the incident, not during it:
- Recovery Time Objective (RTO): How quickly systems must be restored.
- Recovery Point Objective (RPO): How much data loss is acceptable, for example the last 2 hours of transactions.
Recovery is very important in data security because:
- It keeps operations running after a breach or failure.
- It reduces financial and reputational damage from prolonged outages.
- It allows restoration without paying ransom to the attackers.
- It is required by GDPR, HIPAA, and other regulations for data availability.
- It shows to the customers and stakeholders that you company is resilient and prepared.
You cannot expect that the recovery will be successful when the real incident happens. In fact, without practising it over and over, you can expect that the recovery will fail. Therefore it is very important to ensure that everyone involved in recovery is listed, and all the steps are documented. And every 6 months, come rain or shine, everyone involved executes that recovery documentation step by step.
But there are various scenarios, like hardware failure, a cyber attack, or the whole data centre being flooded. The recovery steps are different in each of those cases, so they all need to be practised.
Note that I have not called this “Disaster Recovery”, because the trigger may not be a natural disaster like flooding or an earthquake, but a cyber attack or an internal security breach by a rogue employee.
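A backup you have not restored is a hope, not a backup. The following added example (not from the original article) ties the Backup and Recovery sections together as a rehearsable drill: it writes a compressed archive with a manifest of per-file hashes plus the archive's own hash, restores it into a clean location, proves every restored file matches the manifest, measures the achieved RTO and RPO against the agreed objectives, and then corrupts the archive to confirm a damaged backup is refused rather than quietly restored. The sample files, directory layout and objective values are constructed; the functions are illustrative, not a product's API.

```python
import hashlib
import json
import shutil
import tarfile
import tempfile
import time
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src: Path, archive: Path) -> dict:
    """Write a compressed archive plus a manifest: per-file hashes, the archive's
    own hash and the time taken, so a restore can be proven complete and unmodified."""
    files = {}
    with tarfile.open(archive, "w:gz") as tar:
        for path in sorted(p for p in src.rglob("*") if p.is_file()):
            rel = path.relative_to(src).as_posix()
            files[rel] = sha256_file(path)
            tar.add(path, arcname=rel)
    manifest = {
        "taken_at": datetime.now(timezone.utc).isoformat(),
        "files": files,
        "archive_sha256": sha256_file(archive),
    }
    archive.with_suffix(".manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def restore(archive: Path, manifest: dict, target: Path) -> list:
    """Refuse a corrupted archive, extract it, then return the files whose content
    does not match the manifest. An empty list means a clean restore."""
    if sha256_file(archive) != manifest["archive_sha256"]:
        raise RuntimeError("archive hash mismatch: backup is corrupt or was tampered with")
    with tarfile.open(archive, "r:gz") as tar:
        try:
            tar.extractall(target, filter="data")  # Python 3.12+: blocks path traversal
        except TypeError:
            tar.extractall(target)  # older interpreters without the filter argument
    return [rel for rel, digest in manifest["files"].items()
            if not (target / rel).is_file() or sha256_file(target / rel) != digest]


def run_drill(rto_seconds: float = 60, rpo_seconds: float = 3600) -> dict:
    """Rehearse backup and restore on constructed data; report whether the RTO and
    RPO objectives were met and that a corrupted copy is rejected."""
    work = Path(tempfile.mkdtemp())
    try:
        src = work / "data"
        (src / "customers").mkdir(parents=True)
        (src / "customers" / "2025-03.csv").write_text("id,name\n1,Alan Turner\n")
        (src / "orders.csv").write_text("id,amount\n1,99.50\n")

        archive = work / "backup.tar.gz"
        manifest = make_backup(src, archive)

        started = time.monotonic()
        mismatched = restore(archive, manifest, work / "restore")
        rto_achieved = time.monotonic() - started
        taken_at = datetime.fromisoformat(manifest["taken_at"])
        rpo_achieved = (datetime.now(timezone.utc) - taken_at).total_seconds()

        # Flip one byte of the archive and confirm the restore refuses it.
        data = bytearray(archive.read_bytes())
        data[len(data) // 2] ^= 0xFF
        archive.write_bytes(bytes(data))
        try:
            restore(archive, manifest, work / "restore2")
            corruption_detected = False
        except RuntimeError:
            corruption_detected = True

        return {
            "mismatched_files": mismatched,
            "rto_met": rto_achieved <= rto_seconds,
            "rpo_met": rpo_achieved <= rpo_seconds,
            "corruption_detected": corruption_detected,
        }
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(run_drill())
```

In a real drill the RPO figure comes from the timestamp of the newest backup that actually restored, not from the schedule, and the RTO is measured from the moment the incident was declared, including the time spent finding the right archive and the right key.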
And that my friends is the whole shebang. We have gone through all of these 9 points one by one:
- Entry point
- Access control
- Authentication
- Encryption
- Data masking
- Logging & Monitoring
- Auditing
- Backup
- Recovery
I hope it has been useful. As always I’d be grateful for all your comments, feedback and questions.
My Linkedin articles: https://www.linkedin.com/pulse/list-all-my-articles-vincent-rainardi-eohge/
My blog: https://dwbi1.wordpress.com/
#DataSecurity #Data #Security #CyberAttack #Recovery #Monitoring #AccessControl
Great article & agree with all the points!