What Is Data Protection?

Every day, cyber attacks aim to steal valuable and sensitive information from businesses, institutions, and government organizations. The increased sophistication of these threats has highlighted the importance of data protection to prevent costly breaches and data leaks. In turn, data protection has become a primary goal of cybersecurity, and it’s a major component of compliance and privacy. With the appropriate set of systems and strategies, organizations can prevent attackers from stealing data, thereby safeguarding against data loss and continuity disruptions.

Data loss and corruption cost organizations billions every year. A single cybersecurity event costs close to $100,000 per incident, and costs continue to rise. An organization victim of a data breach must spend money to cover litigation costs, compliance fines and new cybersecurity tools. Therefore, it’s an overall cost-benefit to put the proper controls in place to prevent an event.

The purpose of data protection is to stop data theft before an organization suffers from the costly aftermath of a successful compromise. It also protects customers from losing their data to an attacker and possibly being victims of identity theft and fraud. Avoiding a compromise isn’t the only benefit either. Data protection helps corporations find value in their data by cataloging it for future use.

There are three fundamental elements of data protection and security that most organizations should acknowledge in their cybersecurity efforts: Confidentiality, Integrity, and Availability. These three pillars are known as the CIA Triad, which functions as a framework to support resilient data protection systems.

• Confidentiality: Refers to secure protection of data from unauthorized access, permitting only select users with proper authorization and credentials.
• Integrity: Maintains data to be trustworthy, reliable, accurate, and complete without accidental alteration or modification.
• Availability: Ensures that data is readily accessible and available when needed for ongoing business continuity.

Business continuity depends on information protection. To sustain continuity, businesses need ways to recover from a cybersecurity event. For example, a misconfiguration or unexpected system failure can result in data corruption. Data protection plans would then come into play after these events.

The time it takes for a business to recover from downtime impacts revenue. The longer the system suffers from downtime, the longer the business cannot sustain productivity. Without productivity, the business cannot maintain revenue. In addition, downtime can affect future revenue growth and damage the brand.

Data protection, security, and privacy are related terms that are often used interchangeably, but they each carry different meanings and intentions:

• Data protection: The safeguard measures that prevent unauthorized access, use, disclosure, modification, or destruction of information. Data protection encompasses all physical, technical, administrative, and legal initiatives to protect data.
• Security: The protocols to protect computer systems, software, and networks against breaches of access, use, alteration, or destruction. Security covers physical, technical, and administrative systems to secure computers and network infrastructure.
• Privacy: In the context of data protection, privacy covers all measures taken to protect personal and confidential information, like limiting access to data; obtaining consent for its collection, disclosure, and use; and ensuring data is accurate and up-to-date.

One difficulty businesses face while implementing data protection is the barriers and hurdles necessary to create an effective plan. As technology evolves and more businesses work in the cloud, the environment’s attack surface increases, making it more difficult to defend against attacks.

A few barriers to consider include:

• Expanded attack surface: Adding backups, archives and other environmental components improve data protection but adds to the attack surface and increases risks.
• Common vulnerabilities: Misconfigurations are still common in an environment and are often the root cause of a compromise. Other common vulnerabilities persist and should be remediated to avoid a compromise.
• Evolving piracy and reporting requirements: Organizations must consider compliance when data protection is implemented, and this requires an audit and understanding of every compliance rule.
• Increase in IoT and mobile usage: Allowing IoT and mobile devices increases an organization’s attack surface, making data protection more difficult, especially if the devices are user-owned.

Data encryption is the first step in protecting data from attackers. Encryption should be implemented on data-at-rest and data-in-motion. When data is transferred across the internet, it should be encrypted to avoid eavesdropping and man-in-the-middle attacks. Compliance requires some encrypted data at-rest, such as sensitive information stored on mobile devices.

Cryptographically-secured encryption prevents attackers from reading any stolen data. Mobile devices with encrypted data-at-rest stop attackers from retrieving data on a physically stolen device. Compliance also regulates what data should be encrypted and how an organization protects information, so always check with regulations before creating a plan.

Protecting data isn’t just “one step and you’re done.” Complete information protection involves various components. Most large organizations use several principles of data protection. Still, any organization under compliance regulations and with highly sensitive data (such as financial or healthcare) should implement all categories into their cybersecurity controls.

Categories in data protection include:

• E-discovery and compliance: Discover data using that should be cataloged, tagged, and implemented access controls. This can be done with E-discovery analytics solutions.
• Archiving: Store old data in a separate location to free up storage space but keep a copy of it if needed in an investigation. This can be done with archiving solutions.
• Backups: Take a copy of data for disaster recovery after a compromise or corruption.
• Snapshots: Snapshots are similar to backups but include all system configurations to recover servers.
• Replication: Data replicating across environments provides redundancy.
• Availability: Any production data must be available for daily business operations to sustain revenue growth.
• Disaster recovery: A disaster recovery plan remediates any lost data and returns the system to normal for continued business productivity and minimized downtime.
• Business continuity: Every effort should be made to ensure data stability and availability to sustain productivity.

Today’s system environment comprises multiple operating systems and platforms, including the cloud. To continue operations, data must be portable across each environment. However, the convenience of portability should also involve protecting data from eavesdropping, theft and corruption.

One issue with data portability is ensuring that it integrates with the cloud. More organizations recognize that the cloud is perfect for backups and archiving, so any disaster recovery plan should include the time to migrate data from the cloud to on-premises storage. The cloud is secure, but administrators must properly configure migrated data for data protection and availability, including the access controls necessary to defend against theft.

Backups have always been necessary for business continuity but are now integral to disaster recovery. Instead of making backups at a specific frequency, data backups are continual and more strategic to return the business to its same state before the cyber event.

Storing large amounts of data is expensive and takes enormous storage space, so organizations typically leverage the cloud to avoid on-premises expenses. A good disaster recovery plan involves deduping data and ensuring that no data is lost during the migration of a backup to the affected system.

Small and large organizations benefit from data protection, also known in this context as information protection or data-loss protection (DLP). But an enterprise has several moving parts, a large attack surface, and enormous amounts of data that must be protected. An enterprise data protection strategy typically differs from a small business due to the large attack surface.

A few components in enterprise data protection include:

• Intelligent visibility: Enterprise administrators must be aware of all data across the environment so that it can be monitored and protected.
• Proactive mitigation: Reactionary cybersecurity is expensive and can severely damage revenue, but proactive mitigation tools and services detect and stop an ongoing attack before it becomes a complete compromise.
• Continuous control: Administrators must create a data protection plan that gives them persistent control over access and visibility.

Most businesses struggle with an increasing attack surface and new threats in the wild. These issues make it more difficult for a company to create a good data protection plan. While planning for the infrastructure and procedures necessary to protect data, administrators must prepare for a few potential problems, including:

• Data corruptions: Backups must be secure and valid, meaning any backups should be verified to ensure they are not corrupted. Corrupted backups can destroy a disaster recovery plan when put into action.
• Storage system failures: Every storage system should be available to maintain productivity. Backup storage locations should also be available to execute disaster recovery immediately when needed.
• Datacenter failures: Organizations that work in the cloud or a datacenter need persistent and reliable cloud connections. A secondary ISP or failover connection is often necessary in case of connectivity loss.

Cybersecurity changes daily as new threats are found, and attackers find new ways to bypass security, so trends continue to change to keep up with threats. Administrators don’t need to implement every trend in data protection, but adopting the latest technology often helps stop the latest threats.

A few trends to consider include:

• Hyper-convergence: Organizations now have a combination of virtual and physical machines, and all environments must be backed up. When designing a plan, ensure that virtualized servers and network devices are included.
• Ransomware: The only way to recover from a sophisticated ransomware attack is to recover from backups. Ransomware targets these backups, so data protection plans must include security on backup files and storage locations.
• Copy data management: Redundancy is necessary for good data protection, but having mismanaged backups can be a nightmare resulting in data loss and corruption. Planning should include the steps required to ensure backups are stored in one location and that other active backup systems do not overwrite them.

The organization’s devices and servers are more easily managed because it owns and controls what can be installed. User devices are more difficult because corporate data must be protected without interfering with users’ personal data and applications.

While allowing workers to use their own mobile devices improves productivity, it also increases risks. Administrators must take action to ensure that mobile data is protected with mobile security. However, this component of cybersecurity management is much more challenging than internal servers and appliances. Data should be synchronized with backup strategies, and the device must protect data after physical theft.

Every component in cybersecurity serves a purpose in protecting data, but compliance regulations distinguish between protection, security and privacy. Organizations must understand these differences to deploy the proper controls to stay compliant and avoid fines.

• Data protection: Any appliance or application that stops cyber attacks and protects from theft, including insider-led data loss.
• Data security: Cybersecurity resources that protect from unauthorized access and data manipulation or corruption.
• Data privacy: Auditing data and determining who should have access to it, along with monitoring access requests.

Every country has its own privacy laws, and organizations in these countries must comply with regulations. The two most prominent data privacy laws are the European Union’s General Data Protection Regulation (GDPR) law that went into effect in 2018 and the California Consumer Privacy Act (CCPA) in the United States. Both laws have severe penalties for non-compliance. The two compliance regulations have their own requirements, and organizations should ensure that they review and follow them.

The EU’s GDPR and CCPA are two of the most critical privacy laws with severe penalties for non-compliance. These privacy protection measures give consumers more control over their data and transparency about how organizations use it. Across both laws, it should be made clear that users have:

• The right to be informed or to know how their data is being used
• The right to access and see their data
• The right to rectification or ability to correct data
• The right to erasure or to delete their data or opt-out entirely

Every organization has its own data protection plan that should follow basic data safeguard standards. The tools and appliances that protect data depend on the organization’s infrastructure and storage practices (e.g., on-premises vs. cloud storage).

A few examples of data protection include:

• Data security: Authentication is required to access data.
• Access controls: The user must be authorized to view data.
• Storage requirements: Is data protected at-rest and in-motion?

A number of digital transformation and data security trends impact how organisations handle their data protection efforts.

• Remote work: The shift to remote work has created new security challenges as employees access corporate data outside the office network.
• Backup and disaster recovery-as-a-service: Organizations increasingly turn to cloud-based backup and disaster recovery solutions to protect their data in case of a security breach or other disaster.
• Regulatory compliance: Compliance with data privacy regulations such as GDPR and CCPA is becoming increasingly important as organizations face steep fines for non-compliance.
• AI governance: As artificial intelligence becomes more prevalent, organizations are focusing on developing governance frameworks to ensure that AI is used ethically and the data used to train AI models is protected.
• Zero and first-party data: As third-party cookies are phased out, organizations are looking to collect zero and first-party data to improve their data protection and security practices and better understand their customers.

As threats become increasingly advanced and sophisticated, organisations must stay up to speed with the latest data protection tools and information security methods.

• Data backup and recovery systems: These tools automatically back up important data and can quickly recover it in case of a security breach or other disaster.
• Encryption and cryptography: These technologies protect sensitive data by encoding it so that only authorized personnel can access it.
• Data discovery and classification software: Software platforms help organizations identify and classify sensitive data so that they can better protect it.
• Endpoint security: These systems protect individual devices such as laptops, desktops, and mobile phones from security threats.
• Data loss prevention: These protocols are intended to prevent data from being lost, stolen, or compromised by monitoring and controlling data access and use.
• Firewalls: Technologies built to prevent unauthorized access to computer networks by filtering incoming and outgoing network traffic.
• Access management: Measures used to control user access to sensitive data and systems to ensure that only authorized personnel can access them.
• Data erasure: These tools securely erase data from storage devices to prevent it from being accessed by unauthorized personnel.
• Employee monitoring software: Platforms designed to monitor and oversee employee activity on corporate networks to detect and prevent security breaches.
• Antivirus, anti-malware, and anti-ransomware software: Protect and disinfect computer systems from viruses, malware, and ransomware attacks that threaten data breaches and leaks.

It’s challenging for organizations to audit data and determine the proper protection strategies across an environment. Proofpoint Information Protection solutions can help organizations audit and discover data, create a strategy that follows GDPR and other compliance regulations, and protect data from theft or destruction. We will streamline incident responses and create an environment that safeguards data from external risk, including threats that target cloud platforms.