The factors that jeopardize the security of IT data are essentially three, and they correspond to the so-called CIA triad (Confidentiality, Integrity and Availability); proportionate and effective protection of a system depends on all three being present at once. EU Regulation 2016/679, the GDPR (General Data Protection Regulation), explicitly provides in Article 32 that "appropriate technical and organisational measures" be implemented "to ensure a level of security appropriate to the risk". Without these measures, organisations not only expose themselves to potential threats but may also incur the very heavy penalties provided for by the GDPR, which, again in Article 32, prescribes that such measures include "the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services".
1. What happens if the confidentiality of the data is not guaranteed?
The first factor that makes systems vulnerable is the lack of data confidentiality, that is, the improper or unauthorized use of data, which may follow either a hacker attack or a human error by the company's internal staff. In the first case, the threats range from identity fraud, to forms of interception that target routers, gateways and network servers (the classic example is the cloning of the credit card used during an e-commerce transaction), to the theft of access passwords. Accidental and unintended errors, on the other hand, stem from incorrect authentication rules or the unrestricted use of third-party devices. To ensure confidentiality, it is advisable to follow the criteria of pseudonymisation and encryption referred to by the GDPR, together with rigorous access control and encryption of communications while the data is in transit.
2. How to preserve data integrity with Blockchain technology
The second factor that puts data security at risk is the violation of data integrity, that is, the modification or deletion of data, whether intentional or negligent. It is a danger to which one is constantly exposed, and it can be addressed both with Intrusion Detection software, to detect and neutralize cyber-attacks, and with specific training for users who hold different levels of access within the company. To preserve data integrity and security, some recent solutions adopt Blockchain technology and its distributed cryptographic model: in current scenarios, digital identity requires that a plurality of systems (on-premise, cloud, multi-cloud), the same ones over which data is exchanged every day, be protected simultaneously. This is why Blockchain solutions are finding application in sectors such as banking and insurance, which are particularly "sensitive" to the issue of data security.
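The integrity property described above, shown as an added example (not code from the article or from any product it mentions): a minimal hash chain, the construct underlying blockchain-style integrity protection, built over a constructed audit trail of operations on personal data. It assumes SHA-256 over a canonical JSON encoding of each record, and it demonstrates that modifying or deleting a record breaks the chain, with the caveat that deleting the newest records is only detectable if the head hash is kept out of band.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor value for the first block's "prev" link

def _block_hash(index: int, prev_hash: str, payload: dict) -> str:
    # Bind each record to its position and to the previous block's hash, so that
    # altering or removing any earlier block changes every hash that follows it.
    material = json.dumps({"index": index, "prev": prev_hash, "payload": payload},
                          sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(material).hexdigest()

def build_chain(records: list) -> list:
    """Append each record to a hash chain and return the list of blocks."""
    chain, prev_hash = [], GENESIS
    for index, payload in enumerate(records):
        block = {"index": index, "prev": prev_hash, "payload": payload,
                 "hash": _block_hash(index, prev_hash, payload)}
        chain.append(block)
        prev_hash = block["hash"]
    return chain

def head_hash(chain: list) -> str:
    """Hash of the newest block; store it out of band (signed, published, or in a
    separate system) so that truncation of the chain can be detected later."""
    return chain[-1]["hash"] if chain else GENESIS

def verify_chain(chain: list, expected_head: str = None) -> tuple:
    """Return (True, None) if intact, else (False, position of the first bad block)."""
    prev_hash = GENESIS
    for position, block in enumerate(chain):
        recomputed = _block_hash(block["index"], block["prev"], block["payload"])
        # A modified payload, a re-linked predecessor or a gap left by a deleted
        # block all show up here as a mismatch.
        if (block["index"] != position or block["prev"] != prev_hash
                or block["hash"] != recomputed):
            return False, position
        prev_hash = block["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return False, len(chain)  # tail blocks were deleted: chain is truncated
    return True, None

# Constructed sample records: a small audit trail of operations on personal data.
SAMPLE_RECORDS = [
    {"op": "create", "subject": "user-1001", "field": "email"},
    {"op": "update", "subject": "user-1001", "field": "address"},
    {"op": "erase", "subject": "user-2002", "field": "*"},
]
```

A hash chain only detects tampering; it does not prevent it, so the head hash (or the whole chain) still needs to live somewhere the person editing the data cannot also rewrite.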
3. Disaster Recovery and Business Continuity against data unavailability
Finally, the third factor that can jeopardize data security is the inability or difficulty, in the words of the GDPR, "to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident". This "unavailability", that is, the impossibility of accessing the resources normally in use, may originate from malicious actions, such as DoS (Denial of Service) or DDoS (Distributed Denial of Service) attacks, but also from accidents, such as earthquakes, floods and fires. Added to these are software and hardware failures and accidental deletion of data by mistake. The only way to respond effectively to the risk of unavailability is to have network infrastructures that guarantee redundancy between systems, provided, of course, that procedures have been prepared not only for classic backups but above all for Disaster Recovery and Business Continuity. Indeed, complete data security requires that data be accessible always and without interruption.