
The 4 Fundamentals to IT Security

At a recent security event, VP of Gartner Neil MacDonald broke down the fundamentals of IT security into four categories: "Information security was never about device lockdown, or dictating applications, or building firewalls. It was always about protecting the confidentiality, the integrity, the authenticity, the availability of information." Here's a closer look at these four security qualities.

Data Confidentiality

One of the biggest roles of IT security is protecting sensitive information, especially data that needs to be kept confidential. In a company's IT network, sensitive data is exchanged between multiple parties like customers, employees, and even yourself. You will want strong protections in place to ensure that only the people meant to see the information are able to access it. For example, only your accounting department should be able to view your employees' bank account information. A breach in data confidentiality will put victims at risk of identity theft and make your business liable for damages. Here are six examples from Cornell University of data that your business needs to keep confidential.
  • Data used to uniquely identify people.
  • Data used to pay or reimburse people.
  • Data used to provide employment benefits.
  • Data used to support business-related travel and lodging.
  • Data used to understand the financial status of a person.
  • Data used to fulfill obligations to the government.

Data Integrity

Data integrity doesn't refer to the truthfulness of information; rather, it is about maintaining and assuring the accuracy and consistency of data over its lifecycle. An IT network that's been properly maintained and upgraded will have no problem accessing a file created back when the company was running Windows 98. Poor network security shows when files are lost or unintended changes happen to the data during an upgrade, a hardware failure, a malicious act, or, regrettably, human error.

Data Authenticity

Software isn't meant to be modified. If a program is hacked or messed with by a user for any reason, then it's no longer guaranteed to work in the future. A software modification can really come back to bite you when you're not able to complete an operation due to broken code, or when data becomes damaged or lost. Also, a user who's in the habit of modifying their software may be in direct violation of the software's licensing agreement. If a software manufacturer were to find out that someone in your organization modified their code, your business would be liable and in for a world of legal hurt.

Data Availability

If your data isn't available when you try to access it, then your network protection policies have failed, but data availability goes beyond data integrity. Data availability means that your data is available no matter the circumstance. This includes accessing your data during peak network traffic, and even in the event of, or shortly after, a major disaster. Having a Data Backup and Disaster Recovery (BDR) plan is one of the fundamental components of solid IT security for your business. PACE Technical Services can cover your data availability needs with our BDR solution. BDR will virtualize all of your network's data in the event of a disaster, meaning you can access it and keep working even if your in-house network is down.

Whether you store and manage your data in-house, or if you take advantage of a cloud data storage service, it's vital for your business that these four IT security categories regarding data management are covered. You will achieve this by properly managing the data usage and storage policies on your network, along with having a strong security solution in place like a Unified Threat Management tool. PACE Technical Services can help you with all of your data management responsibilities to ensure that your business is protected from security threats. Call us today at 905.763.7896 to learn more!