When it comes to security, many IT professionals live in constant fear that they don’t have all of their bases covered. With the number of threat vectors increasing every day, having a holistic security solution to keep their data and users safe is paramount. The CIA triad (confidentiality, integrity and availability) has long been the set of factors that determine whether or not data is truly secure and usable, and when applied to cyber-security it is a great starting point for IT professionals.
What good is it to have information if your users don’t have access to it when they need it? Availability is a core tenet of security because making sure your employees have access to the information they need to do their jobs is paramount to keeping them productive and profitable. Making sure data is available can make it difficult to keep it confidential, which is the next factor. Availability often means hosting data in a centralized location (the Cloud comes to mind) and duplicating it in case the primary data is lost, so it is very important to make sure that these efforts to maintain availability don’t infringe upon the data’s confidentiality.
The data needs to be available to approved users, but it is equally important that outside parties do not have access to it. Keeping unauthorized users and those outside your company from having access to company and customer data is important for reasons ranging from fraud and compliance all the way to the competitive advantages you may lose if your competition has this information. Confidentiality is one of the most commonly thought of components of security, as even non-technical staff know that they need to keep company information private, and the use of passwords and other data restriction processes is very commonplace.
Integrity is a less considered but equally important aspect that needs to be taken into account when developing a cyber security plan. Maintaining information integrity consists of making sure that your company data is correct and consistent. Often hackers will corrupt company backup data so that when they lock a company out of its own Cloud (attacking availability), the company can’t reliably lean on the backups it has created. Having your users act upon incorrect or outdated information can be even worse than having them rediscover that information from scratch.
Any attempt to keep a company’s network and data secure must address all 3 of these core issues of cyber security. Often a successful breach of a company’s network starts with attacking confidentiality, then proceeds to integrity, and finally locks users out of their own network, completing the attack with availability. This pattern can be flexible, and attackers will often start with whichever tenet is left the most vulnerable.