The fact that more than one user in different locations may require simultaneous access to the confidential information used in different applications makes it difficult to protect the information from a wide variety of threats.

Identifying Threats

Protection is more than controlling access. It's also about preventing unauthorized release, unauthorized modification, and unauthorized denial of access.

Unauthorized release involves copying or moving secured data beyond the boundaries of the computer system. The release may provide the thief with a specific advantage, permit the use of proprietary software, or allow outsiders to analyze data usage patterns. Unauthorized modification refers to cases in which secure data is changed or erased within the secure computer system. Unauthorized denial of access means the outsider blocks legitimate users from accessing or modifying the secure data. This occurs when an outsider crashes a secure computer system, disrupts normal operations, or destroys some of the secure system's equipment. For both unauthorized modification and unauthorized denial of access, the attacker may or may not have moved a copy of the information elsewhere.

Establishing Defensive Strategies

There are a variety of defensive strategies that security teams can adopt to thwart these attacks, including all-or-nothing access, controlled access, usage constraints, and physical constraints.

All-or-nothing access can be accomplished to varying degrees by isolating one user and his/her data from other users and their data. This effectively divides the security data system into many smaller data systems, and forces attackers to succeed at many separate break-ins rather than just one. Controlled access is the attempt to use software and hardware systems to limit each user's access to the centralized, secure data store. In this more complex approach, each data file or data item is open to one or more users and closed to all others. A more advanced approach is to allow user-controlled access parameters. Here, each user can develop individualized rules for who may access his or her own data, limiting access not only to certain users, but to certain days and times, certain machines, and certain situations—such as requiring at least two users to agree on any changes to the data.

Aside from seeking to prevent the release of or access to secure data, security teams can try to impose constraints on the usage of data that does get out. Such measures usually include regulations, warning labels, and the like. Computer information systems that implement such controls—such as messaging systems that delete each message a few seconds after it is opened—are still in early stages of development.

Physical constraints on data access is often the bottom line of data security, involving external security measures such as fences, locks, and other mechanisms that restrict outsiders' abilities to get anywhere near the secure data.

Defensive Design Principles

When it comes to securing a data system, several design principles act as a baseline.

Making denial of access the default condition. It's beneficial to create protection schemes in which affirmative permission is required to access the data. Like electronic locks that stay locked when power is interrupted, this design principle eliminates the possibilities in which system failures and mistakes open doors to the secure data. Instead, they automatically close it off.

Checking authority on every access. This approach requires a foolproof method of identifying every data access request source. It may be slower than systems that shortcut this methodology, but it is far more secure.

Protecting the passwords, but letting the mechanisms be open to design review. Experience has shown that greater data security is achieved when more than one expert designed and examined the protection mechanisms. When security mechanisms themselves are designed and built by only one or two people, security flaws often slip through to production systems.

Requiring multiple authority for access. Simply put, a security system that requires two keys to unlock it is stronger and more resilient than a similar system requiring only one.

Restricting privileges as much as possible. Just like how smaller groups keep secrets better than larger groups, limiting access to secure data as much as possible is always beneficial to data protection. This implies keeping the number of authorized users to a minimum, and limiting each user to the lowest level of secure access consistent with their data access needs.

Maintaining ease of use. Although data security necessitates some extra complexity, when the system becomes too complex, users will tend to leave security doors open and write down passwords next to their computer keyboards. Keeping data security systems as simple as possible is one of the best ways to encourage users to follow them.

Making attacks as difficult and expensive as possible. The more complex and difficult circumventing your security measures are, the fewer the outsiders that will have the time, energy, and resources to succeed, or even to try. That's why longer passwords are far more secure than shorter ones, and why simple biometric requirements like fingerprints and retinal pattern recognition significantly "up the ante" for potential attackers.

Implementing alerts to unauthorized penetration. Data security is greatly enhanced when a system recognizes unauthorized access and notifies security personnel. Although notification will not prevent the release of secure data, the warning allows for remedial actions that could potentially render the information worthless to outsiders.

Not all systems follow these pinciples. However, the more of these that gets incorporated into the system, the more secure the resulting system.