this by itself does not annul the need to maintain data confidentiality and integrity through protection mechanisms. Let us explore some concepts that are the guiding principles behind data protection:
Necessity for storage of data
Varied data protection techniques
8.2.1.1 Necessity for Storage of Data
One of the most important points of consideration for protection of data at rest is whether that data needs to be stored in the first place. This might sound odd, considering that organizations presumably think about what data are stored and what are not. However, the truth is that in several cases, organizations do not look into the real need to store sensitive data like credit card information, health records, or personally identifiable information. The rule of thumb is that the more data that are stored, the more there is to protect. Protection means that time and resources need to be spent in ensuring that protected data remain protected. The real business requirement for storing data needs to be understood; data must be stored only if there is a genuine need for them. In certain cases, the use of a sensitive data element may be replaced by another data element that does not require the same level of protection. For instance, if an organization just needs a unique number associated with a customer, it can stop storing the customer's Social Security number and replace it with a generated unique number.
8.2.1.2 Varied Data Protection Techniques
It is important to understand that different data have different requirements for protection. Encryption, while being one of the methods used to protect data, is not the only one. Encryption is one of the first options that occur to individuals who are looking at protecting data at rest. Encryption is an excellent option when handled properly. The algorithm needs to be of a certain caliber, the key needs to be of a certain complexity, and, moreover, the encryption keys need to be managed to ensure that the keys retain the complexity and secrecy required for protecting confidential information. Encryption as a data protection technique is required when sensitive information needs to be regenerated in its original form. In some cases, sensitive information need not be regenerated in its original form; for instance, user passwords can easily be subjected to a one-way hash, where the hash value of the user password is stored in the database. Every time the user needs to authenticate, the entered password is converted into its hash value. The hash value generated from the user's password input can be compared against the hash value stored in the database and, if found to be matching, can be the basis for user authentication.
Truncation is another way of protecting data at rest. The truncation technique is used extensively when credit card information is involved. Entities that don't need to store credit card information but still need some basis for the transaction can truncate the card number to contain only the first six or the last four digits, thereby eliminating the need to encrypt the information and deal with the associated key management procedures that come with encryption.
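The two techniques just described, one-way password hashing with hash comparison and card-number truncation, as an added Java example that is not part of the original text. It assumes Java 11 or later; the salted PBKDF2 derivation and constant-time comparison are standard hardening choices layered on the plain one-way hash the text describes, and the card number and password are constructed sample values.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class DataAtRestDemo {
    private static final int ITERATIONS = 600_000;   // slows brute force against stolen hashes
    private static final int KEY_BITS = 256;
    private static final SecureRandom RNG = new SecureRandom();

    // One-way hash with a random per-user salt; the stored record holds salt and hash, never the password.
    static String hashPassword(char[] password) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        byte[] hash = pbkdf2(password, salt);
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + ":" + enc.encodeToString(hash);
    }

    // Recompute the hash from the supplied password and compare against the stored value in constant time.
    static boolean verifyPassword(char[] password, String storedRecord) throws Exception {
        String[] parts = storedRecord.split(":", 2);
        byte[] salt = Base64.getDecoder().decode(parts[0]);
        byte[] expected = Base64.getDecoder().decode(parts[1]);
        return MessageDigest.isEqual(expected, pbkdf2(password, salt));
    }

    private static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        KeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Keep only the first six and last four digits of a card number; the discarded middle digits are
    // replaced with 'X', so the stored value no longer needs encryption or key management.
    static String truncateCardNumber(String pan) {
        String digits = pan.replaceAll("[^0-9]", "");
        if (digits.length() < 13 || digits.length() > 19) {
            throw new IllegalArgumentException("unexpected card number length");
        }
        String middle = "X".repeat(digits.length() - 10);
        return digits.substring(0, 6) + middle + digits.substring(digits.length() - 4);
    }

    public static void main(String[] args) throws Exception {
        String record = hashPassword("correct horse battery".toCharArray());   // constructed sample password
        System.out.println("stored record: " + record);
        System.out.println("correct password accepted: " + verifyPassword("correct horse battery".toCharArray(), record));
        System.out.println("wrong password accepted: " + verifyPassword("wrong".toCharArray(), record));
        System.out.println("truncated card: " + truncateCardNumber("4111 1111 1111 1111"));   // constructed test number
    }
}
```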