UNIT-2

DATA SECURITY
PREPARED BY: LOCHAN RAJ DAHAL
 ASSET MANAGEMENT

What Does Cybersecurity Asset Management Involve?

► To address security issues, you must discover the gaps, and to do that you need a comprehensive and reliable
inventory of your asset. Therefore, cybersecurity asset management involves:
1. Obtaining and continually updating an accurate inventory of all IT resources.
2. Discover security gaps related to the asset’s presence or configuration.
3. Enforcing security requirements to rapidly address the identified gaps.
 What is data asset management?

► Acquiring, monitoring, using, optimizing, and exploiting data assets to generate value is the process of data
asset management. All data assets swiftly turn into liabilities in the absence of management.
► When it comes to tangible assets, this is evident. Real estate investors’ assets are their properties. No
self-respecting real estate investor would purchase properties, make minor repairs, rent them out, and then
neglect the properties until a disgruntled tenant complained about a problem. Potential assets must be
managed to become tangible, value-generating assets. This requires constant monitoring, proper use,
continual improvement, and prudent leveraging.
► Although less visible, it nevertheless holds true when talking about digital assets. The amount of value you can
extract from your data will be severely constrained if you regularly create or acquire new data. Most modern
enterprises just dump it into a data lake or warehouse and forget about it until there is an urgent need or
problem. Turning your data into a source of competitive advantage requires effective data asset management.
 Aspects of data asset management

► Accessibility
In terms of data, access refers to being able to locate and get the information you need at the appropriate time. Finding
necessitates maintaining an up-to-date map of your data assets and having your asset store’s search function be easy.
Obtaining requires carefully controlled access rights.
Typically, a data asset management platform is needed to provide data accessibility. This platform might be a data
asset catalog or incorporate one. Each data asset’s entry in a data catalog contains definitions, descriptions, ratings, and
the identity of the data owner. Other information makes it easy to search for and locate the data you want for any given
purpose.
► Compliance
While maintaining regulatory compliance requirements might be tedious, ensuring that your buildings keep to building
codes is essential. It would be unfortunate if they were declared unsuitable and demolished (or, maybe worse, if you
had to pay a massive fine for the violation).
Data assets are often subject to even more restrictions than physical assets: GDPR, CCPA, HIPAA, DCIA, etc. Data
asset management must focus on data governance and regulatory compliance for your assets.
 Aspects of data asset management

► Risk management
Protecting your data against natural or accidental calamity makes it more susceptible to human assault. No
one needs to break into your data center to steal, hurt, or violate it. Cyberattackers might threaten your
valuables from home. Innovative digital asset management requires a well-thought-out cybersecurity
strategy.
► Looking for difficulties and/or opportunities
Best asset managers don’t rest on their couches and wait for chances; they hunt for innovative ways to use
their assets to produce additional value. Data assets may give a company new ideas, lines of business,
markets, and dangers to avoid or consider. You must actively mine your data for insights.
 Ways to manage data assets effectively.

Organizations may efficiently manage their data assets in the following ways:
► Lowering data costs
Higher data management expenses result from many businesses’ tendency to maintain a lot of data that is hardly utilized. Additionally, it costs more to
archive, safeguard, and preserve all unused data inside the organization. By removing data that the firm no longer requires, an organization should try to
lower data management expenses (or perhaps never needed).
Additionally, a business should only spend money on data it does not already have when purchasing new data sets. They should delete the outdated data if
they need to obtain a fresh set that matches the current ones. This will aid in lowering the instances of duplicate data, which raises the cost of data storage.
► Improve the value of current data
Find innovative methods to extract value from your data to help your business manage your data assets more efficiently. For instance, a company should
reassess the value obtained from current data and see if other methods exist to utilize the data to increase its value. To generate more money, it could
potentially think about taking actions like selling the data to other parties.
► Data security and inventory
Data integrity must be guaranteed by appropriate data storage and security. Every piece of data that a corporation has should be included in a catalog along
with a short description. The description needs to state how the data is utilized, where it is kept, and when it was produced.
The information should also be available to all staff members of the organization. There should be a straightforward request procedure if they need
permission to access the data. By allowing a small group of personnel access, a business should also protect the data’s integrity.
 Types of Backups

There are three main backup types used to back up all digital assets:
► Full backup:
The most basic and comprehensive backup method, where all data is sent to another location.
► Incremental backup:
Backs up all files that have changed since the last backup occurred.
► Differential backup:
Backs up only copies of all files that have changed since the last full backup.
Not all IT organizations can support all backup types since network capability may vary from organization to organization.
Choosing the right backup method requires a tactical approach — one that can help organizations get the best level of data
protection without demanding too much from the network. However, before determining which backup method best suits the needs
of your business, you need to understand the ins and outs of the three main backup types mentioned above.
 Full Backup

A full backup involves the creation of a complete copy of an organization’s files, folders, SaaS data and hard drives. Essentially, all
the data is backed up into a single version and moved to a storage device. It’s the perfect protection against data loss when you
factor in recovery speed and simplicity. However, the time and expense required to copy all the data (all the time) may make it an
undesirable option for many IT professionals.
How does full backup work?
Let’s say you have to back up photos from Monday to Friday.
► Monday: You perform a full backup for 100 photos. You get an image file of 100 photos.
► Tuesday: You add another 100 photos and perform a full backup. You get an image file of 200 photos.
► Wednesday: You delete 100 photos and then perform a full backup. You get an image file of 100 photos.
► Thursday: You make no changes to your photos and perform a full backup. You get an image file of 100 photos.
► Friday: You add 200 photos and perform a full backup. You get an image file of 300 photos.
You get five backup files containing 800 photos. Should a data loss incident occur and you need to recover all the photos, simply
restore the last version to get all 800 photos.
 Full Backup: Pros and Cons

► Pros
• Quick restore time
• Storage management is easy since all the data is stored on a single version
• Easy version control allows you to maintain and restore different versions without breaking a sweat
• File search is easy as it gets
► Cons
• Demands the most storage space comparatively
• Depending on their size, it takes a long time to back up files
• The need for additional storage space makes it the most expensive backup method
• The risk of data loss is high since all the data is stored in one place
► When should you use full backup?
Small businesses that deal consistently with a small amount of data may find full backup a good fit since it won’t eat up their
storage space or take too much time to back up.
 Incremental Backup

Incremental backup involves backing up all the files, folders, SaaS data and hard drives that have changed since the last backup
activity. This could be the most recent full backup in the chain or the last incremental backup. Only the recent changes (increments)
are backed up, consuming less storage space and resulting in a speedy backup. However, the recovery time is longer since more
backup files will need to be accessed.
How does incremental backup work?
Let’s say you have to back up photos from Monday to Thursday.
► Monday: You add 100 photos and perform a full backup. You get an image file of 100 photos.
► Tuesday: You add another 100 photos (now you have 200 photos) and perform an incremental backup. You get an image file of
100 photos.
► Wednesday: You make no changes and perform an incremental backup. You get an empty image file.
► Thursday: You delete 100 photos and edit the other 100 photos there and perform an incremental backup. You get an image
file of only the edited 100 photos.
You get three image files containing 300 photos in total. In case you need to recover all the photos, restore all the image files since
the last full backup, including the last full backup and the later incremental backups, to get your 200 photos (including the deleted
100 photos).
 Incremental Backup: Pros and Cons

► Here are the advantages and disadvantages of running an incremental backup method:
► Pros
• Efficient use of storage space since files are not duplicated in their entirety
• Lightning-fast backups
• Can be run as often as desired, with each increment being an individual recovery point
► Cons
• Time-consuming restoration since data must be pieced together from multiple backups
• Successful recovery is only possible if all the backup files are damage-proof
• File search is cumbersome – you need to scout more than one backup set to restore a specific file
► When should you use incremental backup?
► Businesses that deal with large volumes of data and cannot dedicate time to the backup process will find incremental backup
methods effective since they take up less storage space and encourage fast backups.
 Differential Backup

Differential backup falls between full backup and incremental backup. It involves backing up files, folders and hard drives that were created or changed since
the last full backup (compared to just the changes since the last incremental backup). Only a small volume of data is backed up between the time interval of the
last backup and the current one, consuming less storage space and requiring less time and investment.

How does differential backup work?

► Let’s say you have to back up photos from Monday to Thursday.
• Monday: You have 200 photos and perform a full backup. You get an image file of 200 photos.
• Tuesday: You add another 200 photos (a total of 400 photos) and perform a differential backup. You get an image file of the newly added 200 photos.
• Wednesday: You make no changes and perform a differential backup on the existing 400 photos. You get an image file of the newly added 200 photos on
Tuesday.
• Thursday: You delete 100 photos and edit another 100 photos (total of 300 photos) and perform a differential backup. You get image files of 100 photos,
200 photos and 300 photos.
► Recovering 100 photos: Both deletion and editing happen to the added 200 photos. The differential backup will back up the edited 100 photos.
► Recovering 200 photos: If you delete 100 photos from the added photos and edit 100 photos from the original photos, the differential backup will back up
the edited 100 photos and the 100 added photos (left after deletion).
► Recovering 300 photos: The differential backup will back up the edited 100 photos and the added 200 photos.
 Differential Backup: Pros and Cons

Here are the advantages and disadvantages of running a differential backup method:
► Pros
• Takes less space than full backups
• Faster restoration than incremental backups
• Much faster backups than full backups
► Cons
• Potential for failed recovery if any of the backup sets are incomplete
• Compared to incremental backups, the backup takes longer and requires more storage space
• Compared to full backups, restoration is slow and complex
► When should you use differential backup?
► Small and medium-sized organizations that want to process large volumes of valuable data but cannot perform constant
backups will find the differential backup method useful.
 What Is a Storage Area Network (SAN)?

► A Storage Area Network (SAN) is a specialized, high-speed

network that provides network access to storage devices. SANs
are typically composed of hosts, switches, storage elements, and
storage devices that are interconnected using a variety of
technologies, topologies, and protocols. SANs may span multiple
sites.
► A SAN presents storage devices to a host such that the storage
appears to be locally attached. This simplified presentation of
storage to a host is accomplished through the use of different
types of virtualization.
 SAN versus NAS storage

► Unlike direct-attached storage (DAS), network-based storage allows more than one computer to access it through a
network, making it better for data sharing and collaboration. Its off-site storage capability also makes it better suited
for backups and data protection. Two typical network-based storage setups are network-attached storage (NAS) and
storage area network (SAN).
► NAS is often a single device made up of redundant storage containers or a redundant array of independent disks
(RAID). SAN storage can be a network of multiple devices, including SSD and flash storage, hybrid storage, hybrid
cloud storage, backup software and appliances, and cloud storage. It's important to choose the right one that suits your
use cases. Here are how NAS and SAN differ:
 SAN NAS
► Network of multiple devices ✔ Single storage device or RAID
✔ File storage system
► Block storage system ✔ TCP/IP Ethernet network
► Fibre-Channel network ✔ Limited users
✔ Limited speed
► Optimized for multiple users ✔ Limited expansion options
► Faster performance ✔ Lower cost and easy setup
► Highly expandable
► Higher cost and complex setup
 What are the advantages of a SAN

► The SAN frees the storage device so that it isn't on a particular server bus. It attaches storage directly to the network, so storage is
externalized and functionally distributed across the organization. The SAN also centralizes storage devices and the clustering of servers,
potentially achieving easier and inexpensive centralized administration, lowering the total cost of ownership.
► Typically using block-level storage systems, SANs allow data-moving applications to perform better by transmitting data directly from the
source to the target with little server intervention. But organizations can use any network file systems (NFS) appropriate for their
infrastructures. SANs also allow multiple hosts to access multiple storage devices connected to the same network in new network
architectures. A SAN can offer the following benefits:
► Improved application availability
Storage exists independently of applications, and it's accessible through multiple paths for increased reliability, availability and serviceability.
► Better application performance
SANs offload and move storage processing from servers onto separate networks.
► Central and consolidated
SANs make simpler management, scalability, flexibility and high availability possible.
► Remote site data transfer and vaulting
SANs protect data from disaster and malicious attacks with a remote copy.
► Simple centralized management
SANs simplify management by creating single images of storage media.
 Types of SAN storage connections

► A storage area network protocol is a type of connection that determines how devices and switches communicate
with each other within a SAN fabric. A SAN can use one protocol or many. Certain devices are multiprotocol
routers and devices.
► Multiprotocol routers and devices provide improved scalability, security and manageability. They enable devices in
separate SAN fabrics to communicate without merging fabrics into a single, large meta-SAN fabric. Depending on
the manufacturer, multiprotocol routers and devices support many protocols, like Server Message Block (SMB),
and offer their own features, such as zoning. Here's a list of SAN connection types:
► Internet Small Computer System Interface
► Fibre Channel Protocol
► Fibre Channel over Ethernet
► Fibre Channel over IP
► Non-Volatile Memory Express over Fibre Channel