Introduction
Today, sensitive institutional data is prone to unauthorized access, and organizations have to use protective mechanisms to safeguard its integrity. Technological development has made it easy for organizations to store, use and share information via networks. Criminals steal classified data and sell it to the highest bidder (Rao & Selvamani, 2015). Thus, organizations must look for protective mechanisms to ensure the safety of vital information. The security techniques must not affect employees’ ability to discharge their duties. This article will compare and contrast the various strategies that institutions use to protect endpoint records, data at rest, and information in transit.
Endpoint Security
An organization cannot claim to have effective data protection mechanisms without considering endpoint security. Rao and Selvamani (2015) maintain that endpoint security entails the controls put in place to protect system users or clients. They include the protection methods used to safeguard information stored on smartphones, external drives, Universal Serial Bus (USB) drives, and DVDs. In most cases, malware like Conficker, Stuxnet, and Flame is spread via portable media such as USB drives (Sharma & Navdeti, 2014). Organizations can protect data stored on such devices by limiting their usage and turning them off if necessary. Data encryption is an effective protection mechanism that is used to safeguard data in transit, at rest, and at the endpoint. Organizations use software like BitLocker and Encrypting File System (EFS) to safeguard data stored on hard drives (Sharma & Navdeti, 2014). They also use encryption to protect information kept on tablets and smartphones. Configuration lockdown is an essential control mechanism used to make sure that end system users or customers do not alter endpoint data.
Data at Rest
Data at rest refers to information kept in local storage devices like thumb drives, disks, hard drives, and tapes. It can also cover information stored in databases, servers, intranet sites, and file shares. Data at rest is susceptible to malware attacks, pod slurping, keyloggers, and Trojans (Suresh & Jongkun, 2015). Companies can use perimeter-based controls to safeguard data at rest. They include antivirus software and firewalls. Unlike endpoint security, data at rest is protected via hardware controls. Information stored in computer hard drives is safeguarded through a trusted platform module (TPM) chip. Suresh and Jongkun (2015) allege that TPM is a “slow cryptographic hardware processor, which can be used to provide a greater level of security than software encryption” (p. 3). Computer experts have developed self-encrypting hard drives (SEDs) that protect data through layers of encryption keys. It becomes hard for unauthorized persons to retrieve information from the drives.
Data at rest is also protected using software encryption. Organizations use BitLocker, EFS, and Pretty Good Privacy (PGP) software to safeguard information. Software controls allow organizations to provide security to specific databases or files. The main weakness of software controls is that an institution must guarantee the safety of encryption keys by updating them regularly (Suresh & Jongkun, 2015). Another mechanism that is used to protect data at rest is information fragmentation. A company can store singular data components in distinct locations. This would ensure that hackers do not get sufficient information to perpetrate crimes or fraud.
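The fragmentation idea above can be sketched as follows. This is an added example, not taken from the cited sources, and it uses XOR secret splitting as one specific way to fragment a record so that every location is needed to rebuild it. The record, location names, key, and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample record and hypothetical storage locations.
RECORD = b"acct=4421;name=J. Doe;limit=25000"
LOCATIONS = ["db-server", "file-share", "offsite-tape"]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def fragment(data: bytes, locations: list, tag_key: bytes):
    """Return ({location: fragment}, integrity_tag) for the given record."""
    if len(locations) < 2:
        raise ValueError("need at least two storage locations")
    # All fragments but the last are random pads as long as the record.
    pads = [secrets.token_bytes(len(data)) for _ in locations[:-1]]
    # The last fragment is the record XORed with every pad, so the XOR of
    # all fragments is the record and any smaller subset is random noise.
    last = data
    for pad in pads:
        last = xor_bytes(last, pad)
    # Keyed tag over the record lets the owner detect loss or tampering.
    tag = hmac.new(tag_key, data, hashlib.sha256).digest()
    return dict(zip(locations, pads + [last])), tag


def reassemble(fragments: dict, tag: bytes, tag_key: bytes) -> bytes:
    """Rebuild the record; fail if a fragment is missing or was altered."""
    parts = list(fragments.values())
    if len({len(p) for p in parts}) != 1:
        raise ValueError("fragments are missing or differ in length")
    data = parts[0]
    for part in parts[1:]:
        data = xor_bytes(data, part)
    expected = hmac.new(tag_key, data, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("a fragment is missing or has been altered")
    return data


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # kept by the data owner, not with fragments
    frags, tag = fragment(RECORD, LOCATIONS, key)
    print(reassemble(frags, tag, key))
```

An intruder who copies only one or two of the three locations holds random-looking bytes, while the owner detects a lost or modified fragment at reassembly time.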
Data in Transit
Data in transit refers to information that is being transferred from one point to another via a network. Such data requires protection because it may fall into the wrong hands. The main challenge in protecting data in transit is that the majority of the programs and protocols transfer information in the form of text (Lafuente, 2015). Information transfer services like File Transfer Protocol (FTP), web, and email lack effective security control, thus subjecting data to risk. Data in transit is prone to numerous threats, which include hijacking, sniffing, data modification, and eavesdropping. Just like endpoint data and data at rest, information in transit can be protected via encryption (Lafuente, 2015).
Nevertheless, for data in transit, encryption happens at different levels. Link encryption helps to protect information as it travels through the communication medium. The encryption makes it hard for unauthorized persons to sniff the data (Lafuente, 2015). Conversely, end-to-end encryption is used to protect data at its origin and destination. However, such a mode of encryption moves information from the source to the end-user in clear text, making it vulnerable to sniffing. A Virtual Private Network (VPN) is a safety control mechanism that is used to safeguard data in transit only (Lafuente, 2015). The method enables individuals to communicate via the public internet without compromising the safety of institutional data. The VPN uses encrypted tunnels to move data from the source to the destination. An individual has to produce a digital certificate for verification before accessing information.
Conclusion
Data protection is essential for the safety of an organization. Companies need to use different security control mechanisms to protect the various states of data. Encryption is a protective mechanism that is used to guard data at rest, in transit, and at the endpoint. Limiting information usage can help to protect endpoint data. Hardware controls like TPM chips help to safeguard data at rest. On the other hand, VPN facilitates the transfer of information via public networks. The data protection mechanisms that an organization utilizes must not hinder employees’ ability to execute their duties.
Reference List
Lafuente, G. (2015). The big data security challenge. Network Security, 2015(1), 12-14.
Rao, R. V., & Selvamani, K. (2015). Data security challenges and its solutions in cloud computing. Procedia Computer Science, 48(1), 204-209.
Sharma, P. P., & Navdeti, C. P. (2014). Securing big data Hadoop: A review of security issues, threats and solutions. International Journal of Computer Science and Information Technologies, 5(2), 2126-2131.
Suresh, J. S., & Jongkun, L. (2015). A TPM-based architecture to secure VANET. Indian Journal of Science & Technology, 8(15), 1-6.