1. Data Security (OBJ 1.4)
In this section of the course, we’re going to discuss data security. Now, throughout this section, we’re going to be focused again on domain one security architecture, and specifically objective One four. Given a scenario, you must implement data security techniques for securing enterprise architecture. Now, to secure data in your networks, it’s important that you work collaboratively with the rest of your organization. Often, when a new product line is being launched or a new business project is being undertaken, people from across your organization are going to be brought together into a cross functional team. It is really important to understand how to effectively collaborate both within your team and across all of the teams that are going to make up your organization to best secure all the data that’s going to be involved in this new product or program.
These days, it is extremely common to find a project that’s going to touch multiple teams or multiple business units across your organization. And if the project touches all of those areas, that means data is going to be flowing into and out of all those areas as well. For example, in my company, if we’re going to create a new website to promote and sell a new course that’s going to involve multiple departments, first we have the system engineers, database engineers, and front end developers who are responsible for actually building that website. Next, we have the sales and marketing teams who are going to be responsible for all the content that will be posted on that website.
Next, we have our financial team who’s going to be responsible for making sure the contracts, service agreements, and credit card processing agreements are all completed and ready for us to start selling that course. As you can see, even a simple project like a new website can cross numerous different departments within a small organization. But what does that have to do with data security? Well, each of these departments is going to be focused on its own specialty. So if you think about the sales and marketing team, they may not be focused on how secure the website’s data actually needs to be.
Instead, they’re more focused with the functionality of how it’s going to be displayed and how their sales, copy and marketing materials are going to look to the end users. Now, while the financial team has certain requirements that have to be met to accept the payments, they’re usually going to leave the technical details and data security up to the system engineers, the database engineers, and the front end developers. Our job as security practitioners is to always help bridge the gap between these different teams and make sure that we’re all working towards a cohesive goal of data security for our organization on each and every project.
As we start considering the data that’s being created, processed, stored and destroyed as it moves through the data lifecycle. Our goal is that over time, these team members will start to be exposed more and more to the importance of data security, and they’ll start to think about it through their own perspective and their own areas of expertise, too. Now, the benefit of bringing all these different groups together is that we’re going to be able to make a more holistic and secure solution than we ever could have if we designed it all by ourselves. So in this section of the course, we’re going to begin by discussing the data lifecycle and data inventory. Then we’re going to move into our discussions of data storage, backup, and recovery, along with data classification, labeling, and tagging. After that, we’ll discuss data observation, anonymization encryption, and decryption. Finally, we’re going to move into data loss prevention and data loss detection. After all, as Bruce Schneider said, hardware is easy to protect. Lock it in a room, chain it to a desk, or buy a spare. Information poses more of a problem. It can exist in more than one place, be transported halfway around on the planet in seconds, and be stolen without your knowledge. This is a true challenge for us when we’re dealing with protecting our data and achieving data security. So let’s get started in this section of the course with our discussion of data security.
2. Data Life Cycle (OBJ 1.4)
All data and information has a lifecycle associated with it. The data lifecycle is the entire period of time that data exists within your systems. Data goes through six main stages throughout its life cycle, from creation to usage, to sharing to storage to archival to destruction. First, we have data creation. Data can be created in your system whenever it’s acquired, entered, or captured. Data acquisition occurs when existing data that’s produced outside of your system is imported automatically into your system. For example, if I created an email and I sent to you, your system has acquired that data and began its lifecycle within your systems.
Data entry is going to occur when information is manually typed into your system by personnel within your organization. For example, if you open up a Word document and you start taking notes while watching this lesson, you’re going to be performing data entry. Now, data capture occurs when data is generated by a device used in your organization. For example, if your routers and switches are constantly generating log files, those are a form of data capture. Second, we have data use. Now, data use is the phase of the lifecycle where data is put to work to achieve some purpose within your organization. If you’re viewing, processing, modifying, or saving the data, you are currently performing data use.
Every time a critical piece of data is opened and accessed, there should be an audit trail that maintains a log of who access the data and when. Third, we have data sharing. Now, data sharing occurs when a user makes the data available to somebody else outside of the organization. For example, when I began recording this video, only my staff had access to this video so we could create this course and all the subtitles for this particular lesson. But once we were at a point where we wanted you to be able to see this video, we had to share it with other organizations and people outside of deon training. When data is shared, it’s important that you put the right protections in place based on who should be able to access the data being shared and where that data should be shared to.
Fourth, we have data storage. Now, data storage occurs when the data is not being actively used. Every piece of data needs to be stored for later retrieval, processing, use, or transfer. But while it isn’t actively being used, it’s going to have to be stored someplace. Now, the data may be stored as a digital file, such as a Word document or a single item within a larger database, depending on the type of data and the protections it requires. Data that is going to be stored is going to be placed into an area that is instantly accessible when needed by your users. Fifth, we have data archival. Now, data archival is the copying of data to an environment where it’s going to be stored in case it’s going to be needed in an active production environment again. Later on, for example, your organization might conduct nightly backups of all of your servers and put that onto a backup tape or a cloud based glacial server.
In that case, the data won’t be instantly available anymore, but your organization can recover to it and restore from it if they need to, taking those from the archives and putting them back onto your production servers in the case of an emergency or an investigation. 6th we have data destruction. At some point, the data you’ve created, used, shared, stored, and archived is going to be no longer valuable to you. At that point, it’s going to be time to destroy the data and bring it to an end of its useful life. After all, we can’t keep all of our data indefinitely because we’re going to end up running out of storage space, or it’s going to simply cost us too much to buy more storage space for all of that data that has no useful purpose.
This destruction could be as simple as running a delete command on a server, or it could be overwriting that area of a hard disk with zeros. Or you could physically destroy a tape backup by shredding that tape. The exact method here isn’t really important, but the concept is that that data has to go through a lifecycle. And that’s what we’re concerned with here. Remember, all data moves through this life cycle, from creation to use to sharing to storage to archiving to destruction. Now that we understand the basic data lifecycle, we need to discuss the concept of a data inventory. Now, a data inventory serves as a single source of truth within your organization.
A data inventory is going to be used to provide instant insight into all the sources of data that an organization has access to, what information is being collected by these sources, where that data is being stored, and what will ultimately happen to that data. This is also referred to as a data mapping in some organizations. So why is it important to conduct a data inventory or data mapping? Well, if we’re going to be responsible for protecting our organization’s data, then it’s really important that we understand exactly where all that data is located. Now, this may sound easy, but these days it’s actually quite challenging because we have data located all over the place. Do you have data on your company’s sharedrive and email servers? Well, most likely you do, and you probably have full control over those servers.
But there’s a lot more of your data out there as well. In my own company, we have data in our accounting software and our credit card processing software. Both of these are software as a service solutions. Now, we also have some of our data in our learning management system and other parts of our data in our customer relationship management system. We use tools like Slack, Office 365, and Google Workspace and all these have our data, too. So I only just scratch the surface here. But I’ve already listed out nine different places where our data resides, and we’re a really small company. This is why conducting a data inventory or data mapping is truly important here.
Because once you know where all your data is, you can then begin to determine how you’re going to secure that data and protect that data across all of these disparate storage rays that you’ve now created. Now, once you’ve identified all of this data, you need to figure out how to ensure its integrity is also being maintained. This is known as data integrity management. Now, data integrity is all about protecting data against improper maintenance, modification, or alteration, and it also includes data authenticity. Integrity has to do with the accuracy of information, including its authenticity and trustworthiness.
Now, information with low integrity concerns may be considered unimportant to your business because it doesn’t have a precise operational function, and therefore, it’s not necessary to vigorously check that for errors. Information with high integrity concerns, though, are considered to be crucial and critical to your functions, and therefore they must be accurate in order to prevent negative impacts to your organization’s activities. For example, if you’re dealing with your accounting software, you likely need to ensure it has a high level of integrity because you don’t want to have a customer’s balance saying that they owe you $10,000 when they only owe you $1,000. That would be a big problem and due to a lack of integrity, because it’s changing those numbers.
Therefore, you want to build out your data protection plans for your accounting systems and implement things like journaling and hashing of your data to ensure the integrity remains intact at all times. Conversely, if you’re dealing with some kind of data that doesn’t require high integrity, you might choose not to implement these more expensive controls. This is ultimately a decision that’s going to be made using your risk management and considering the cost versus the benefits of adding these additional controls to each of your data processing systems. Finally, we need to discuss data storage a bit more in depth here. By far, the most commonplace we’re going to store our data to is a Raid. A redundant array of inexpensive disks, or Raid is a hard drive technology that allows data to be written to a logical partition that’s going to be spread across multiple physical disk drives.
This ensures that even if a single disk drive in the array fails, that data is still going to be available by restoring it from the Raid itself instead of having to restore it from a tape backup. Now, there are four main types of Raid arrays that you should be familiar with raid Zero, which is referred to as disk striping raid One, which is called disk mirroring raid Three, which is called byte level data striping with dedicated parity and Raid Five, which is block level data striping with distributed parity with a Raid Zero or disk striping. This is going to involve a minimum of two physical disks. In this configuration, half of the data is stored on one of the physical drives while the other half is stored on the other drive. This increases the responsiveness and the delivery of the data stored on this kind of Raid. But there is no added redundancy to this data.
If either of these physical drives fail, all the data is going to be lost. Now, if we want to have some redundancy, we can move to a Raid One. Raid One or Disk mirroring places the importance of redundancy over speed in this array. In this type of configuration, you need to have at least two physical disks and you’re going to have a copy of the data written to both disks at the same time. This provides an always ready and available backup in case either of those individual drives fail. The next type we have is known as a Raid Three, or byte level data striping with a dedicated parity drive and this uses a minimum of three disks. In this type of configuration, a portion of your data is placed on the first drive and another portion is placed on the second drive. Then we use a mathematical algorithm to calculate a parody that’s going to be stored on the third drive.
If a single drive fails, then the parity can be used to recalculate the values that were stored on one of the drives that failed. Once we put in a new drive and we rebuild the array, this allows us to rebuild itself very quickly and provide data to our users in no time at all. Next we have a raid. Five. Now, Raid Five is the most commonly used raid It is known as a block level data striping with distributed parity. In this array, a minimum of three drives is also required. When the data is stored on this array, a piece of the data is placed on each of the drives and the parity is also stored on those drives. Instead of reserving a single drive for all the parity storage, we’re going to have data and parity equally distributed across all three drives.
This type of array is very popular because we can replace any single drive without having to shut down the server and this allows operations to continue while we’re rebuilding a failed drive. Now, raids can be implemented using either software or hardware. Now, it’s cheaper to use a software based solution, but hardware based solutions will operate faster for most environments. Another storage option we have is known as storage area networks or Sands, and these are very common in our larger enterprise networks. A sand provides high capacity storage by connecting storage devices using a high speed private network that is going to be interconnected by storage specific switches.
This is usually going to be handled by a fiber channel network. Sans are going to be great for their scalability and high availability, but they are quite expensive to produce and to procure and they require a high level of skill to maintain these things. These days, a lot of our data is also going to be stored in the cloud. This can be inside of a database, a block level storage or a binary large object known as a blob. Regardless of where we end up storing our data, it’s always important for us to have a backup and recovery plan for that data because all forms of storage are subject to outages and data loss eventually.
