I’ve been asked numerous times, “What is data protection?”, so I decided to take you through an adventure of data protection. Hello, I’m one of the newest team members of the GEOS team. I’ve been assigned to become a subject matter expert on data protection. Data protection can be difficult to understand and confusing with all the different terms and how they can relate to everyday life.
The world continues to rely heavily on data storage due to the increasing amount of data being created. This increased amount of data will increase the likelihood for the information to be stolen, copied, destroyed, or lost. According to Arne Holst of statista.com, “The total amount of data created, captured, copied, and consumed globally is forecast to increase rapidly, reaching 64.2 zettabytes in 2020. Over the next five years up to 2025, global data creation is projected to grow to more than 180 zettabytes.” With the increase in the amount of data being created and the projected increase means the need for data protection and security will increase as well. So, what are data protection and data security? Why is data privacy important? What some types of data protection?
Data protection is a set process or strategy that can be used to secure the availability, privacy, and integrity of information. It is sometimes referred to as data security or information privacy. Data protection strategies are vital for an organization that handles, collects, or stores any type of sensitive data. A successful data protection strategy can help reduce the chances of or prevent data corruption, data loss, or theft. This successful strategy can also help minimize damages that are caused by a data breach or by some type of disaster.
Data security is the practice and strategy for protecting digital information from unauthorized access, theft, or corruption throughout the data’s entire lifecycle. It is a concept that involves every characteristic of information security to include physical security of hardware and storage devices, administrative and access controls, and logical security of software applications. Data security concepts can be applied to organizational policies and procedures as well if needed.
These two terms sound similar based on their definitions, however, there is some minor difference between the terms. Data security is essentially a subcategory of data protection as presented in the image below. You can’t have data protection without data security and data privacy, which we will discuss later in this blog.
Data privacy is a guideline for how data should be handled or collected, based on the data’s importance and sensitivity. Data privacy normally relates to personal health information (PHI) and personally identifiable information (PII). This type of data includes medical records, financial information, social security or ID numbers, birthdates, names, and contact information. Data privacy concerns typically apply to any sensitive information that an organization may handle from its customers, shareholders, and employees. Information from these sources can play a crucial role in an organization’s business operation, development, and finances.
Data privacy is important because it helps ensure that all sensitive data is only accessible to approved users and that organizations meet regulatory requirements. It also prevents criminals from maliciously using the data for their agenda or selling the data to somebody else. Data privacy focuses on determining who’s allowed access to data. With data privacy, users can control how much of the data can be shared and whom it’s shared with.
1. Encryption – An algorithm that transforms normal text characters into an unreadable format or hash file. Encryption keys are designed to scramble data so that only authorized users can read it.
2. Data Erasure – This is a more secure method than standard data wiping. Data erasure will use software to completely overwrite data on a storage device. Data erasures will verify that the data on the storage device is unrecoverable.
3. Data Masking – Masks personally identifiable information (PII) where necessary so an organizational team can develop an application(s) or train users with real-time data.
4. Data Resiliency – Resiliency is determined by how well data centers can recover or endure any type of failures such as hardware problems, power shortages, and other disruptive events.
5. Access Controls – limits both physical and digital access to a critical system(s) and data. Controlling access includes making sure all devices and computers are protected with a mandatory login entry, and that a physical space can only be entered by an authorized person.
6. Authentication – refers to accurately identify a user before they have access to any data, system, devices, and other information. Authentication usually includes passwords, PINs, security tokens, swipe cards, or biometrics.
7. Backups & Recovery – Have a data backup and recovery plan is a good data security method to securely access data in the event of system failure, disaster, data corruption, or breach. Organizations need to have a backed-up data copy that is stored on a separate format such as a physical disk, local network, or cloud to be recovered if needed.
Data protection is a makeup of three subcategories, traditional data protection methods, data security, and data privacy. Traditional data protection methods are used to create a backup or replication of existing data that can be retrieved and restored at any point. Data security is the method of securing data from being accessed by unauthorized individuals. While data privacy is the method or guidelines to protect individuals’ personal and private information. The guidelines can also govern the individual’s rights to their information, who can access it, where it is stored, and be informed if their information is stolen or leaked.
As one of the newest members of the GEOS team, I am setting out to share about the variety of products Dell Technologies for data protection. I hope to explore some of Dell’s products such as PowerProtect DD Series Appliances, Data Protection for VMware, RecoverPoint for Virtual Machines, Avamar, and PowerProtect Data Manager. These are only a few of the solutions and resources that Dell Technologies offers to customers to produce their current and future data. Stay tuned as we continue through our data protection adventure.
Harrington, D. (2021, July 6). Data Security: Importance, Types, and Solutions: Varonis. Inside Out Security. https://www.varonis.com/blog/data-security/.
Data Protection and Privacy: Definitions, Differences, and Best Practices. Cloudian. (2021, March 24). https://cloudian.com/guides/data-protection/data-protection-and-privacy-7-ways-to-protect-user-data/.
Holst, A. (2021, June 7). Total Data Volume Worldwide 2010-2025. Statista. https://www.statista.com/statistics/871513/worldwide-data-created/.
What is Data Security? What is Data Security? Data Security Definition and Overview. (n.d.). https://www.ibm.com/topics/data-security.