General Data-centric Security Mechanisms
Data has become part and parcel of our lives. There is so much important data that its security becomes an issue for us. To secure data, we need certain data-centric security mechanisms.
A data-centric security mechanism is a way of countering any attack or threat to data by placing the emphasis on the data itself rather than on the network.
Let us discuss certain general data-centric security measures.
- Cryptology –
Communication always happens between two parties: one that sends the message and the other that receives it. Sometimes the sender wants the message to reach only the receiver and not be leaked while it is being shared. To prevent other parties from viewing or understanding the message, the sender and receiver take some safety measures. Cryptology is the study and implementation of encryption and decryption. Encryption and decryption techniques are used to secure data.
The message is sent in the following steps:
- The sender has a message in a readable and understandable format. This message is called plain text.
- The sender converts this message into a non-readable format so that no one other than the receiver can understand it. This process is called encryption, and the plain-text message is now converted into ciphertext.
- The ciphertext is then sent to the receiver. This can happen only through a secure channel or medium.
- When the data reaches the receiver's side, it is in ciphertext form.
- The ciphertext is then changed back into a readable format through the decryption process. After decryption is complete, the receiver has the plain text, which is the actual message sent by the sender.
- Data Access Controls and policies –
Data access controls are restrictions on the access and use of data. Data should be accessible only to people who have proper authorization to use it. This requires knowledge of the information, where it is stored, how important it is, and who is authorized. Controls are then set so that unauthorized people are not able to view, use or manipulate the data.
- Data Masking –
Data masking is a technique by which data can be hidden within a database relation (table) or cell so that people without access cannot handle it. This can be achieved in many ways, such as by duplication or dynamically. It is done because sensitive information needs to be hidden from certain people (developers, unauthorized users, third parties, outsourcing vendors, etc.).
- Data Auditing –
This refers to the assessment of data controls and activities in the data layer. Auditing should be timely so as to look out for any security breaches affecting data. Several companies lack this important factor, and the result is the theft or manipulation of important data. The assessment must be performed at regular intervals. This regularity minimizes data breaches and makes them easier to handle.
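
The two ways of masking named under Data Masking above, by duplication (a masked copy of the table) and dynamically (masking applied when the data is read), shown as an added example that is not part of the original article. The table layout, sample rows, the `billing` role and the keep-last-four masking rule are assumptions constructed for illustration.

```python
import sqlite3

# Constructed sample rows; the names and card numbers are made up.
ROWS = [
    (1, "Alice Example", "4111111111111111"),
    (2, "Bob Example", "5500005555555559"),
]
UNMASKED_ROLES = {"billing"}  # assumed policy: only this role sees real values


def mask_card(card):
    """Keep the last four characters and replace the rest with '*'."""
    return "*" * max(len(card) - 4, 0) + card[-4:]


def build_db():
    """Create an in-memory database holding the unmasked source table."""
    db = sqlite3.connect(":memory:")
    db.create_function("mask_card", 1, mask_card)
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, card TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)", ROWS)
    return db


def static_mask(db):
    """Masking by duplication: build a copy that never contains real values.
    Only this copy would be handed to developers or outside vendors."""
    db.execute(
        "CREATE TABLE customers_masked AS "
        "SELECT id, name, mask_card(card) AS card FROM customers"
    )
    return db.execute("SELECT card FROM customers_masked ORDER BY id").fetchall()


def dynamic_read(db, role):
    """Dynamic masking: one table, masked at query time unless the role is allowed."""
    allowed = int(role in UNMASKED_ROLES)
    return db.execute(
        "SELECT CASE WHEN ? THEN card ELSE mask_card(card) END "
        "FROM customers ORDER BY id",
        (allowed,),
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("masked copy:   ", static_mask(db))
    print("developer view:", dynamic_read(db, "developer"))
    print("billing view:  ", dynamic_read(db, "billing"))
```

With the masked copy, the real values never leave the source system; with dynamic masking, the real values stay in the one table and the role check at read time is what protects them.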