But analysing data security from these two perspectives makes a big difference: it can significantly reduce data breach risks and increase resilience to an attack.
The concept of privacy relates to preventing or blocking access to an asset, allowing only selected accesses. Mainstream security is usually linked to this type of concept, covering access protection against users, applications, etc.
The concept of confidentiality should be addressed to mitigate the risk of an attack being successful. Once a user passes the privacy filters and gains control over the asset, maintaining confidentiality means maintaining control over the copying and transmission of that asset with respect to all potential users.
In document or data security, this difference can be extremely important. According to the Ponemon Institute, it takes 7 months to discover a data breach; in the meantime, we are being observed and our data is being stolen and compromised. If our protection strategy is based mostly on the privacy side, we will be exposed to our attackers once they break through our defenses. We see this happen very often, and it is continuously in the news today.
Security standards such as ISO 27001 or PCI DSS frequently refer to these two concepts as basics for maintaining a healthy security system.
But while prevention technology has progressed very fast and is widely installed among corporate and private users, data confidentiality technologies that control the copying and transmission of data and documents, such as DLPs or IRMs like Sealpath, are not so widespread…
Nevertheless, they have developed very fast since Y2K and, slowly, thanks to data protection laws, the hype created by the news, and especially bad first-hand experiences, these technologies are becoming more and more common, although they have not yet reached the role they should have in corporate risk mitigation and protection strategies.
As a friend of mine said, if a robber breaks into your house, it’s OK since he does not harm or rob you. If we rebalanced our investments between privacy and confidentiality, we would surely suffer less from data breaches.
I invite you to share with me how you face these risks and how you balance these two concepts.
Biz The World