All of the information in the world is useless if your users don’t have access to it. Losing access to some or all data can bring select departments or even your entire company to a screeching halt. What would your sales team do if they lost access to your CRM with all customer and opportunity information?
Availability includes keeping outside parties from getting into your data and locking you out as well as making sure that your users have a secure way to access the data they need from wherever they may be working. It also includes having a disaster recovery plan in place to get your employees access to that data again should anything happen. Knowing what downtime costs your company and having a well defined recovery-time-objective (RTO) and recovery-point-objective (RPO) will help you determine a security strategy that will protect your data while maintaining ROI.
As already stated, your data needs to always be available to your users as they need it; however, it is equally important that it is ONLY available to the right people. Allowing outside parties access to your data not only can be compromising but very costly. In the wrong hands, outside parties can use company, personnel and customer data to scam your customer and employee base or ransom that very data back to you.
Availability allows your users to stay productive while confidentiality protects your company, customers and employees from allowing outside parties to use that same data against them in a way that can cost you and them dearly.
Finally, maintaining the integrity of your data is incredibly important because having corrupt data can be just as detrimental as losing access to it all together. False billing information, incorrect contact information and false company correspondence are just some examples of how what could happen if the integrity of your data were to be compromised. No matter how available and confidential your data is, it isn’t going to do your team any good if it isn’t correct.
Often time outside parties will alter the integrity of your data as part of a larger attacks that attempt to compromise all 3 tenants of security. A ransomware attack is a great example. First the confidentiality is attacked when a hacker gets into your network. They will then alter the integrity of your data by corrupting backups to prevent you from meeting your pre-defined RTO and RPO. Once they have corrupted all of your backups they will lock you out of your own network denying availability. These attacks are a great example of how important availability, confidentiality and integrity are to the overall security of your company’s data.