There has long been debate over what the most critical asset of an organization is. Of all the assets associated with business success, two stand out: human assets and data.
It is common knowledge among many leaders that the human asset is the key intangible asset for any organization. In today’s dynamic and continuously changing environment, it is the human assets, not the fixed or tangible assets, that distinguish an organization from its competitors. Many multibillionaires like Elon Musk and Richard Branson emphasize the importance of having happy employees, as they will inevitably deliver results. When an employee leaves, they might be replaced physically; however, their skill-sets and knowledge cannot be exactly replaced by their successor, as each individual possesses a different skill-set and experience.
On the other hand, data is often cited as an organization’s most valuable asset. This in turn leads information security professionals to spend a great amount of their time safeguarding the confidentiality, integrity, and availability of information assets. This is usually done by setting up controls to protect data.
Data in an organization is predominantly in one of two states: data at rest and data in motion.
Data at rest is data stored somewhere for later use. This might be on a hard drive, on a USB stick, or in the cloud. Data at rest is vulnerable to theft if an attacker gains either physical or logical access to the storage media, whether by stealing a drive or by hacking. Information security professionals must undertake procedures to safeguard this data, especially through encryption.
Data in motion is data that is currently being transferred. Examples include data being transmitted between two systems, such as a user entering their financial credentials into a website or sending an email message over SMTP. Data in motion must be protected against data sniffing attacks, as it often travels over public networks such as the internet.
Protecting data is not an easy task, but with the right policies and procedures it can be achieved. First, you should have clear policies and procedures covering the suitable use of data and the security controls that must be in place for sensitive information.
Second, you should use encryption to protect sensitive information when it is either at rest or in transit. Different types of encryption suit different settings. File encryption can be used to protect the data stored on a device, while Transport Layer Security (TLS) might protect information in transit. The transport layer is layer 4 of the OSI model, which includes both TCP and UDP. The transport layer can provide services including data integrity, flow control, traffic control, multiplexing, and byte orientation.
Finally, you should use access controls to limit access to information while it is in storage. This can be done using file system access control lists that stipulate who may view, modify, or delete information stored on a device.
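A check of the access controls described above, as an added example that is not part of the original article: it walks a directory and reports which files users other than the owner may view, modify, or delete. It assumes a POSIX file system and reads only the basic owner/group/other permission bits (the simplest form of file system access control, not extended ACLs); the file names and sample tree are constructed for the illustration.

```python
import os
import stat
import tempfile

GROUP_OTHER_READ = stat.S_IRGRP | stat.S_IROTH
GROUP_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH

def audit_path(path):
    """List what users other than the owner may do to the file at `path`."""
    mode = os.stat(path).st_mode
    parent = os.stat(os.path.dirname(os.path.abspath(path))).st_mode
    findings = []
    if mode & GROUP_OTHER_READ:
        findings.append("view")
    if mode & GROUP_OTHER_WRITE:
        findings.append("modify")
    # Deletion is governed by write permission on the containing directory,
    # not on the file itself; the sticky bit restricts it to owners again.
    if (parent & GROUP_OTHER_WRITE) and not (parent & stat.S_ISVTX):
        findings.append("delete")
    return findings

def audit_tree(root):
    """Map each over-exposed file under `root` to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            findings = audit_path(full)
            if findings:
                report[os.path.relpath(full, root)] = findings
    return report

def build_sample_tree():
    """Constructed sample data: one locked-down file, one exposed file."""
    root = tempfile.mkdtemp()  # created with mode 0o700
    shared = os.path.join(root, "shared")
    os.mkdir(shared)
    for path, mode in ((os.path.join(root, "payroll.csv"), 0o600),
                       (os.path.join(shared, "export.csv"), 0o644)):
        with open(path, "w") as fh:
            fh.write("constructed sample record\n")
        os.chmod(path, mode)
    os.chmod(shared, 0o777)  # world-writable directory, no sticky bit
    return root

if __name__ == "__main__":
    for rel, findings in sorted(audit_tree(build_sample_tree()).items()):
        print(f"{rel}: others may {', '.join(findings)}")
```

The exposed file is flagged for deletion even though its own mode grants no write access to others, because the directory that holds it is world-writable.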