Data Integrity: Relevancy, Risks and the Appropriate Use

Written on October 3, 2019 by Sabrina Spilka

Data are ubiquitous and necessary for every company to be successful. In 2020 there will be more than 40 zettabytes, that is 40 trillion gigabytes (40²¹) or 40.000.000.000.000.000.000.000 bytes of data worldwide. Ten years before this number was only at 1,2 zettabytes; the amount of data has nearly increased forty-fold in only 10 years. Collecting data is quite easy for companies these days. More and more data are produced, and the infrastructure allows us to easily save, process and use these data. Data are invaluable; that is why they are often subject to attacks and if compromised in any way are of low or no value anymore for a company. Every data loss, especially of sensitive data, poses a significant threat for a company and its stakeholders.

We at Anexia have set ourselves to provide solutions for data integrity, not only for ourselves but also for all our customers. Due to the constantly rising significance of data integrity, we explain within this blog, what data integrity means, which risk are associated to it and how integrity within an IT system and network can be ensured.

What does data integrity mean?

Data integrity refers to the accuracy, completeness, and consistency of data over its full lifecycle. Meaning that data should not be changed anonymously and focus on the traceability of data changes. Strong integrity describes a state, when data cannot be changed unrecognized. Furthermore, data integrity is about securing regulatory compliance, e.g. GDPR, and data security. Data integrity refers to a state, but also to a process. As a state it describes the validity and accurateness of a data set. On the other hand, as a process it describes all measures that are necessary to ensure the validity and accurateness of all data in a database.

Risks associated with the lack of data integrity

Risks associated with the lack of data integrity are more and more in the awareness of the public. In the past only risks concerning attacks (e.g. non-availability due to DDoS attacks) or theft have been considered, and the issue of data integrity has been of minor relevance. But criminals can and have already changed their modus operandi, and increasingly manipulate data, which poses an attack on data integrity. The aim of such an attack is to gain unauthorized access and change or damage data. Especially when choosing a new IT system or service, these possible risks should be considered:

Human errors
People (for example employees) can gather incorrect information, delete or duplicate data or do not follow a given process. These errors can occur unintentionally or deliberately.
Transfer errors
Data are often transferred from one location to another. If data are not transferred successfully, we talk about transfer errors.
Attacks and cyber threats
Attacks by spyware, malware or viruses can affect anybody and data can be changed, deleted or stolen. Cyber-attacks but also insider-attacks pose an immediate risk for data integrity.
Compromised hardware
A computer or server crash, issues with laptops or other devices are errors and can indicate a compromised hardware. These errors can lead to a flawed or incomplete rendering of data or a denied or difficult access. The term “compromised hardware” includes also device or disk crashes and physical compromise of hardware.

How to ensure data integrity

Despite all mentioned possible threats there are several measures you can take to minimize or even eliminate them. Integrity can be achieved by using appropriate processes, rules and standards. We will describe them shortly.

Data Validation

Data validation encompasses different stages from the input to the maintenance of data.

Input validation
All data input should be validated, no matter if it is done by a known or unknown source. Only if the data input is done correctly and is verified, the data can and should be saved.

Data validation
Data validation guarantees the consistency of data over the complete lifecycle. Adequate rules define how data are saved and processed. These rules can include the type of data or the data format. A functioning data validation system lead to flawless and correct data in a system.

Remove duplicate data
Often sensitive data from an actually secure data base is saved in other not really safe documents or places. This leads to security issues and duplicates. Removing these duplicates ensures the accurateness and consistency of data. By using a special software solution, you can easily find and remove duplicates from your data base.

Back-up data

A well-performing and highly secured data back-up is one of the major security aspects for successful data integrity. Strict compliance to a back-up and recovery strategy not only secures data but also prevent data loss. Back-ups can vary in their configuration:

Back-up frequency (daily, weekly, monthly, etc.)
Back-up location (you can choose between a back-up within the same data center, maybe even on the same server, or off-site back-up in another data center or you choose a cloud back-up solution)
Storage type (NAS, SAN, S3)
Provider of storage hardware

We at Anexia offer you the most appropriate back-up solution adapted to your requirements. Either with a Hosted Backup Solution or a Cloud-Backup-Solution. In case of data loss or a damage to your data, the back-up helps to reconstruct it, both in the recovery of media data and the physical and logical recovery.

Limited Access and Social Hacking

By limited access and the definition of permissions for changes on information, unauthorized changes on data can be prevented. With this measure you can also avoid human errors, both deliberate and unintentional. Even if individuals do not change or delete data deliberately, those errors can harm data integrity a lot. Next to employees, external individuals may manipulate data deliberately. A possible solution for defining access restrictions can be the principal of minimal rights. Only those users, that really need access to a specific data set gain access to them. Do not forget to implement physical access restrictions for server locations.

Avoid, if possible, shared user accounts. Often there is only a limited amount of licenses available for an application and several users share the same account. In that case data integrity is no longer existent, as it is not possible to track who actually changed the data. If it is not possible to avoid shared user accounts, you can implement documentation rules for data changes. With these rules you can reconstruct which employee changed something and what he changed.

Access restrictions can furthermore minimize the risk of social hacking. With social hacking criminals try to gain access to sensitive and secret data. First, they conduct an extensive analysis of possible weaknesses of e.g. employees, to decoy them into passing on their login data for a specific application or system of a company.

Log Management

A well-working log management can help to always keep track of your data. As soon as data are added, changed or deleted, it will be noted automatically. Therefore, users should not be able to access these logs or manipulate them. Every change of data can be attributed exactly to the specific user enhanced by the exact timestamp. Anexia offers with its log management tool CloudLog the perfect solution. This tool allows an easy management of big data and the alert feature immediately informs you, if irregularities occur.

Reduce transfer errors

Data are constantly transferred from one place or one device to another. While transferring data via the internet you should always adopt suitable security measures, to guarantee the complete transfer. For protecting your data, hash values can be generated and attached to your data. The receiver can then check, if the data is complete. During the transfer data or the hash can be manipulated. For additional security you can use a Message-Authentication-Code for better recognize any unwanted changes.

At best a data transfer is done redundantly. Even if one connection fails or is compromised, the other connection can send the data safely to the defined destination and data loss is prevented. With a completely redundant network, Anexia offers double security for your business.

A well-performing data integrity system helps monitoring every bit of data in real time and allows an independent verification of all events within a network. In case of an incident or irregularity you can act instantly and misconfiguration within a network can be recognized promptly.

Traceability and transparency are the main aspects of integrity, if implemented correctly. If all measures are implemented for your network, IT system and your infrastructure, you are well prepared against many threats from the internet. With Anexia and our solutions we help you take a further step towards data integrity.

Are you looking for a reliable partner for the protection and integrity of your data? Contact us today and get more information about our solutions.

cloud log

data protection

Datacenter

Anexia is

ANEXIA offers high-quality solutions in the areas of cloud and managed services as well as individual software, app and web development. Founded in 2006, the company is based in Klagenfurt and has additional locations in Vienna, Graz, Karlsruhe and New York City.