Data security is an essential topic not only for data science projects, but for data-driven companies as a whole. In this blog article, we look at the most important aspects of data security, distinguish it from data protection and show how companies can ensure data security in their organisation.
When we talk about data security, we are usually talking about topics such as cyber security, hacker attacks and, not to forget, data protection. However, data security has other dimensions that sometimes get lost in the discussion or are not distinguished sharply enough from each other.
What is data security?
The three aspects of data security are information security, data integrity and guaranteeing access.
Data security can be defined and described in terms of three essential aspects:
- Information security
- Data integrity (protection against loss and misuse)
- Guarantee of access / control of access rights
These three essential protection goals help companies and organisations to establish data and information security. Because of the initials of the English terms, these general protection goals are also called the "CIA principle": confidentiality, integrity and availability.
Confidentiality in this context means that only users who are permitted to do so can access and modify data and information. Protecting integrity means that no one is allowed to change data secretly; changes must be made transparently. The availability of information, in turn, ensures that data is accessible within an agreed time frame.
In addition, there are so-called downstream protection goals in data security: authenticity, bindingness (non-repudiation), attributability of actions and statements, and anonymity.
However, ensuring data security may require more measures than these three main principles cover. Further, so-called "downstream" protection goals can therefore be attached to the three general, overriding protection goals.
- Authenticity: To guarantee the authenticity and credibility of information, measures for authentication must be taken. Especially when documents are sent electronically, it is very important to be able to verify them as genuine.
- Bindingness or non-repudiation: This principle must be guaranteed so that an action cannot be denied afterwards and so that, for example, (purchase) contracts and general terms and conditions (GTCs) can be concluded online in a legally valid way.
- Identification or attributability: Statements and actions must be clearly attributable to a specific person. This principle serves to ensure legal certainty and to assign actions to specific persons in a worst-case scenario.
- Anonymity: Anonymity as a protection goal seems to contradict this. But the protection of privacy and of private individuals is also important and must be guaranteed.
The security of the data can be ensured by three types of measures: technical, organisational and physical measures.
On the one hand, there are technical measures that can be taken to ensure data security. As a rule, this aspect dominates the topic of data security. The technical side of data security includes all measures that can be taken to protect a system or its architecture from unwanted, unauthenticated access. Above all, techniques such as encryption or firewalls play a role here.
Beyond that, however, organisational measures play an important role. This is not surprising, since many of the protection goals formulated above are not technical in nature. In other words, the people within an organisation themselves establish data security. This can be achieved through measures such as training courses in which rules of behaviour are agreed with employees.
Last but not least, there is also the possibility of physical protection of data. Even though data is in principle digital and virtual, there is always a physical carrier. Data security can therefore also be established by only granting certain employees access to certain devices or buildings on which the data is stored.
Data security is ensured by organisations
Data governance is therefore one of the key areas in this context when it comes to behaviour and corporate culture. The first thing to do is to identify and fill all the key data roles in the company. The aim here is to recognise all critical processes and, where necessary, to develop standards or solutions such as a data catalogue.
Data security can be achieved through Big Data solutions, as can be seen from the example of fraud detection.
When it comes to technical answers to the challenges of data security, data science methods from the Big Data environment are particularly suitable. In particular, the monitoring of data and, building on it, methods such as fraud detection make it possible to quickly detect conspicuous actions or unauthorised, irregular access. In this way, countermeasures can be taken, in real time if possible.
Data protection within the framework of the GDPR
Data protection, as regulated by the GDPR, is only one aspect of data security. Even if many decision-makers have perceived it in recent months as the dominant data security issue, data protection is only one aspect of data security as a whole. Even if the new regulations within the framework of the GDPR brought a great many innovations, other measures must not be perceived as subordinate to this complex. Data protection explicitly pursues the goal of protecting personal data. Data security, as explained above, is about much more.
The comparison of data protection, or the General Data Protection Regulation, with data security is about more than the mere relationship between theory and practice. The GDPR provides the legal guidelines for the protection of personal data. Data security, on the other hand, is not limited to a specific category of data, but aims at the totality of all data files present in an organisation and related processes such as data pipelines.
Who is responsible for data security in the company?
One of the most central questions that arises with regard to data security is that of responsibility for it in the company. In our experience, in many cases the lack of awareness of the issue is the most important and first starting point. On the one hand, it is a question of knowledge about data security in the companies.
On the other hand, the tasks necessary to comply with legal requirements, such as appointing a data protection officer but also securing access rights, must be distributed accordingly within the company.
Data security should by no means be treated as a neglected aspect of data projects. For data-driven companies in particular, data security is rather the basis for success in the data age.