At a recent conference, I was reminded about the core security principles of confidentiality, integrity and availability. In the age of the cloud and compliance, most businesses focus on availability and confidentiality. Yet one particular speaker at the conference reminded me about the concerns around integrity.
As we move more and more of our lives to a digital format, integrity becomes critical. The 2014 breach of Apple where personal pictures were stolen raises concerns about an individual’s understanding of the tools they are using. Ignorance is no excuse, but it was interesting to read that some of the affected celebrities denied the pictures were actually of them.
Photoshopping pictures is nothing new, and the fact that digital images are relatively easy to manipulate doesn’t come as a surprise. A few years ago on New Year’s Eve, a major storm erupted as one TV network digitally superimposed its own advert over one of its competitor station’s adverts in Times Square. The viewers had no idea until it was later reviewed by people who were actually in the square at the time and saw a completely different advert.
Now let’s take this a bit further. You go in for a minor operation and your blood type is wrong, or the reading from the digital monitors is incorrect and not calibrated correctly. The digital information is taken as read and not questioned. Your home ownership and national insurance numbers and tax payments are now only held electronically, but who is to say what is correct and factual? I recently had what appeared to be two fraudulent transactions on my credit card. When reviewed, the ‘fraudsters’ were clearly shopping for someone else but they had been mistakenly put on my account. How do I refute this in the digital age? What is valid when it comes down to a series of 1s and 0s? No one at the credit card company questioned the evidence – wrong name, wrong location, wrong signature. However, because of what looked digitally like my credit card, it was down to me to dispute the transactions.
Integrity in the digital age and validation of data are critical and must not be forgotten in our focus on compliance and availability. It could be a matter of life and death, particularly with health records and the reliance on digital information that isn't questioned. Just ask anyone these days to tell you what their best friend’s phone number is. They will not know but rely on their digital devices to hold this information for them without questioning the results.
Mikael Hagstrom, EVP EMEAP of SAS, recently pointed to the emergence of big data analytics and the need to ensure that the next generation keeps asking questions of big data, but also questions the answers. The issue still remains that data integrity must be guaranteed because, without it, we will draw conclusions from invalid data.
The digital age is transforming our lives and enabling completely new and innovative services to be created that we will all benefit from. But, as we embrace this transformation, we must remember there is very little difference between a 0 and a 1 – and this could make a huge difference when it comes to validated data. From a business perspective, policy and procedures are essential when ensuring that information is correct and validated, along with correct data storage and management. Aligned to this has to be access control and strong audit functions to ensure that data remains secure and validated. Businesses embracing these new digital services have to ensure that data integrity is designed into the services they offer, and cloud providers will have to deliver it across the core principles of information security.
Data integrity refers to the accuracy and consistency (validity) of data over its lifecycle. Compromised data, after all, is of little use to enterprises, not to mention the dangers presented by sensitive data loss. For this reason, maintaining data integrity is a core focus of many enterprise security solutions. Data integrity can be compromised in a number of ways. Each time data is replicated or transferred, it should remain intact and unaltered between updates. Error checking methods and validation procedures are typically relied on to ensure the integrity of data that is transferred or reproduced without the intention of alteration.
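As an added example (not from the original article), the following sketch checks a transferred copy of a record against values computed at the source. It goes one step beyond the error checking named above by adding a keyed HMAC, which still fails when someone without the key recomputes the unkeyed checksums; the record, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed sample record and key (assumptions, not from the article).
RECORD = b'{"patient_id": 1042, "blood_type": "O-", "allergies": ["penicillin"]}'
KEY = b"constructed-demo-key-not-for-production"


def seal(data: bytes, key: bytes) -> dict:
    """Compute the integrity values the sender ships alongside the data."""
    return {
        "length": len(data),
        "crc32": zlib.crc32(data),                  # error check: accidental change
        "sha256": hashlib.sha256(data).hexdigest(),  # unkeyed digest
        "hmac_sha256": hmac.new(key, data, hashlib.sha256).hexdigest(),  # keyed tag
    }


def verify(data: bytes, manifest: dict, key: bytes) -> dict:
    """Recompute every value on the received copy and report each check."""
    fresh = seal(data, key)
    return {
        name: hmac.compare_digest(str(fresh[name]), str(expected))
        for name, expected in manifest.items()
    }


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a single 0/1 error in storage or transit."""
    corrupted = bytearray(data)
    corrupted[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(corrupted)


def resealed_without_key(data: bytes, original: dict) -> dict:
    """Manifest whose unkeyed values were recomputed by a party lacking the key."""
    manifest = seal(data, b"")
    manifest["hmac_sha256"] = original["hmac_sha256"]  # cannot be regenerated
    return manifest


if __name__ == "__main__":
    manifest = seal(RECORD, KEY)
    print("intact copy:  ", verify(RECORD, manifest, KEY))
    print("one bit flip: ", verify(flip_bit(RECORD, 7), manifest, KEY))
    altered = RECORD.replace(b"O-", b"A+")  # same length, different meaning
    print("resealed edit:", verify(altered, resealed_without_key(altered, manifest), KEY))
```

The keyed check only helps if the key is stored and distributed separately from the data and its manifest.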