How Secure is Our Data?

Views: 1.4K

Information security can only be managed when significant emphasis is placed on securing data

Ruchin Kumar, Principal Solution Architect, India and SAARC, SafeNet India Pvt Ltd

Online space is a blessing, but it can lead to sensitive information falling into wrong hands. It  might be possible to query the system to collect data on the top ten transactions in the last  seven days. This may facilitate someone with criminal mindset to make demands on parties  involved. There have been many instances where the published information in a public website or any  other public media has led to an uncomfortable situation for someone or the other.

These days it has also become possible to query the system to show the list of individuals with  the highest number of properties in a certain area.

This may again facilitate someone with a criminal mindset to misuse the information for his or her personal gain. Cases where misuse of data has led to uncomfortable situation often come to light.

There has to be a system in place where the machines are correctly able to interact through a foolproof system of identification

Safeguarding Data

In our IT Act, it is mentioned that if a corporation is storing critical data, which gets misused  or compromised, then the corporation will be liable to pay damages to the person or entity  affected. It can also lead to financial penalties to the corporation and loss of importance. So  security is now becoming very important in terms of safeguarding the integrity of the data  and the confidentiality of the sensitive information. The idea of nonrepudiation is also  important when it comes to data storage.

Integrity of data means that an unauthorised entity should not be able to tamper with the  data. Maintaining the confidentiality of the sensitive information means that the data should  not be leaked to unauthorised entities. Non-repudiation means that the person who owns the  data should not be able to deny a transaction after having conducted it. Not every piece of  data is sensitive. So there should be some system of classifying the data to find out what data  requires what level of security.

There is a need to control access. Not every piece of data is needed by everyone. Data should be  accessible only to the genuine users. At every point of time the amount of information that  can be fetched needs to be controlled.

Implementing Security

Security is an ongoing process; it should be running continuously. There has to be a proper audit trail and reporting, so that there can be a timely review of the security of the critical data. How do we authenticate the identity of a person? There is legal validity given to the system of PKI, which uses certificate based authentication to establish my identity. Apart from the system of username and password, which is easy to break, there should be another system of authenticating the identity of the person who is accessing the data.

Then there is the aspect of machine to machine level authentications, where a lot of     transactions for mobile governance are being conducted. There has to be a system in place where the machines are correctly able to interact through a foolproof system of identification. SafeNet is one of the oldest security companies in the world. The company employs a large number of encryption engineers, and enjoys presence in every part of the globe. SafeNet’s security systems are being used not only in the government, but also in the finance sector.

Follow and connect with us on Facebook, Twitter, LinkedIn, Elets video

Eletsonline News

Latest News

To Top