The processes and techniques involved in securing digital data from breaches or leaks, from unauthorised access to systems or technical misconfiguration are called data security.
Depending on where the data resides, appropriate controls may be implemented on digital assets to protect it. In the simplest scenario, where data is stored in persistent memory on a single computer’s hard drive, software or hardware security methodologies can help secure the data, like encryption software, which converts the data into an unreadable format and back again based on the use of a password. Hardware encryption may also be used. If the data is stored in non-persistent memory, such as random-access memory or optical drives, implementing software measures on the operating system can prevent leaks.
In the case of networked computers, whether private networks or connected over the open Internet, data security takes many aspects. In any network, the data is as secure as access to it. Access control, therefore, forms a key methodology in keeping data secure. Other relevant controls may include zero-trust network architecture, multi-factor authentication such as biometrics, hardware tokens and one-time codes, as well as role-based access. For data stored in cloud services - increasingly common in commercial environments - security controls are offered as part of the cloud platform through infrastructure-as-a-service. Such controls may include encrypting databases, access control, backup facilities, remote secure erasure, and information security features to prevent viruses or malware from gaining access to data.
Data security is recognised in international law and enforced through data protection regulatory measures in many countries. Organisations can certify under internationally recognised standards, such as ISO 27001 and ISO 27002, to develop best practices for securing data and providing assurance to customers and partners.