IBM Destination Z - Group home

Is Data in Motion and Data at Rest Secure

By Destination Z posted Mon December 23, 2019 03:23 PM

Security wasn’t much of an issue when many of us started our career. Only employees seated near the data center had access to the sensitive data. We would transport tapes as backup, but the huge boxes of tapes required a lot of hardware to access; few ID thieves had the money, time or patience to wade through it.

While our corporate data was a lot more secure, it also wasn’t accessible. Once companies could open systems to customers and clients, the hardened security of a data center essentially vanished, except for the data that never leaves the center, a minority of your TB of databases.

Data is far more valuable now. Detailed, in-depth customer information is housed in corporate databases around the world, as our trade secrets, corporate plans and even federal and state secrets can be found on computer systems.

With increased data value comes increased attempts of hacking. For too long, social security numbers were used as identifiers, exposing that vitally important information to too many people. We’re all at risk. Yet the challenge of really locking down your data is tough and it will cost you.

Data at Rest

When data is only stored on a disk drive within a hardened data center, behind a firewall, this is referred to as data at rest. Although it’s the most secure position for your data, it could be more readily hacked by trusted employees and can also be accessed by outside bad actors if your network is breached.

The quick answer: Encrypt it. You can also store components of the data in different locations so that it requires a great deal more effort to collate the information. The overhead of encryption is offset by faster processors, but there’s still a cost. Still, some CPU overhead is less damaging to a company than the cost of a data exposure.

Data in Use

While there’s a lot of data that is kept as part of compliance regulations or corporate history, the vast majority of it is accessed on a regular basis. Access control and authentication security tools help; at least you know who has access.

But as you add more people to the access list, you increase your exposure. You’ll need people who keep on top of the reports. Even your most trusted employees can make dangerous mistakes, taking confidential data home to a less secure, Wi-Fi system. Some companies supply systems without the ability to backup files to a thumb drive, but it’s harder to keep them from emailing files to their personal mailboxes.

Being aware of the risks and having a good security team monitoring the situation and adapting to new threats is essential.

Data in Motion

With web and mobile-enabled applications on the increase, a lot of sensitive data is now in motion, which substantially increases the exposure. Bicycle couriers and packages are too slow for most agile companies; they need the speed of email, but it comes at the cost of exposing data on the internet.

What’s the path it takes? While you may be able to control the access within your company, once it is outside your firewall, you have no idea how many routers, hubs and servers it has to traverse before it arrives at the desired destination. The immediacy can fool us, making us believe that the path is less exposed and simpler than it actually is. For email, encryption again will help, but at a cost.

Recent new apps offer the opportunity to store and view highly personal information on your device. The convenience is obvious, but so is the risk. Who can access it? What if your phone is stolen? As the value of the information carried on our mobile devices increases, so does the risk. Mobile apps will need the same kind of encryption/decryption services to ensure that the proliferation of exposed data is limited.

The same issue is likely with new-concept brick and mortar stores where you are identified on entry and select and pay without interaction with a store clerk. These offerings are on the rise, using your phone as the interface and purchase terminal. Yet these “easy” interactions can potentially expose your data to anyone looking. We’ve begun to trust free Wi-Fi too much.

Look at Safety

If you haven’t begun to consider all the ways your data is available, it’s time to look now.

Coming up will be discussions of data exposure impacts and some new ways to keep your data safe, at lower overhead and impact to performance.

Denise P. Kalm is chief innovator of Kalm Kreative Inc. and consultant to CM First Group.