Leaks of such data are unacceptable, and any IT company must apply measures to protect this data.
CIA: Confidentiality, Integrity and Availability
These are the three pillars on which the modern concept of digital security rests, and any company must comply with them. The three criteria describe the following crucial aspects:
- Authorized or unauthorized access to information;
- Assuring the trustworthiness of information;
- Managing access to information via physical means.
Let's consider the CIA concept in more detail:
- Confidentiality is often confused with privacy, but they are different ideas. Confidentiality deals with any sensitive data and defines access restrictions to them. Generally, its goal is to forbid access to the wrong people and allow access to authorized people.
- Integrity tracks and assures the consistency and trustworthiness of the information at every stage. It demands the immutability of the data both in transit and at the endpoints. In practice, it deals with permissions to access files and with users' rights.
- The availability parameter applies to the hardware. It determines the rules of system maintenance, the necessity of upgrades, and the making of regular backups.
All means of modern digital security are associated with the above ideas.
Internet security protection capabilities we use
Modern digital security can be guaranteed only by a combination of means. They must protect the data on several levels at once, and the more such means are in action, the better.
- GDPR compliance
This is the set of requirements that determines how companies may gather and handle personal information. The criteria apply to all companies that store such data about their visitors and customers within the EU countries, whether or not they provide their services in these states. Our company follows the GDPR guidelines.
- Data encryption
It is one of the best-known, most powerful, and safest methods of data protection. Even if someone manages to steal encrypted data, the information remains unreadable. Modern encryption methods provide the most profound degree of data protection, so cracking them would require too much time and effort. We encrypt the data in transit and at rest in databases (on hard drives or in the cloud) with strong keys. The storage of such keys is protected separately, so we can guarantee the highest security level.
- HTTPS and certificates
An HTTPS connection and SSL/TLS certificates belong to the basic, obligatory security means. These are the certificates and keys installed on the servers to ensure encryption of the data in transit when you access web resources. The information is decrypted on your side, which guarantees that no sensitive information can be eavesdropped on in the process. All websites should have SSL certificates now, and our company follows this requirement. We apply SSL certificates to all resources accessible through the Internet.
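The protection this paragraph relies on only holds if the client side actually verifies the server's certificate, and that check is the setting most often switched off by mistake. The Python snippet below is an added example, not code from this page or from the company's own systems: it builds a hardened TLS client context next to the weak variant and audits both, so a reviewer can tell them apart without opening a connection. The function names are made up for the illustration.

```python
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Client-side TLS context that verifies the server certificate chain and
    hostname and refuses anything older than TLS 1.2."""
    ctx = ssl.create_default_context()          # loads the system trust store
    ctx.check_hostname = True                   # certificate must match the host we asked for
    ctx.verify_mode = ssl.CERT_REQUIRED         # unverifiable chain -> handshake fails
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """The common misconfiguration that silently defeats HTTPS: with verification
    off, any host on the path can present its own certificate unnoticed."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False                  # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> dict:
    """Summarise the settings a reviewer would check before approving a client."""
    return {
        "verifies_certificate": ctx.verify_mode == ssl.CERT_REQUIRED,
        "verifies_hostname": bool(ctx.check_hostname),
        "min_tls_version": ctx.minimum_version.name,
    }


def is_hardened(ctx: ssl.SSLContext) -> bool:
    """True only when chain and hostname are verified and TLS >= 1.2 is enforced."""
    report = audit_context(ctx)
    return (report["verifies_certificate"]
            and report["verifies_hostname"]
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("weak", weak_client_context())):
        print(name, audit_context(ctx), "OK" if is_hardened(ctx) else "REJECT")
```

The same audit can be run against any `ssl.SSLContext` an application hands to its HTTP library; a context that fails `is_hardened` gives an attacker on the path a certificate nobody checks, which is exactly the eavesdropping the paragraph says HTTPS prevents.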
- Digital Signatures
This is a method applied mostly to data in transit. When you exchange any data with another party, the digital signature verifies the sender's identity. It can also assure the immutability of the content that is sent and accepted.
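The two guarantees named here, that the recipient can tell whether the content was altered and whether it came from the expected sender, are easy to see in code. The Python example below is added here and is not from the page or the company's systems. Because the standard library carries no asymmetric signature scheme, it uses an HMAC with a shared secret instead, which gives the same tamper-detection and sender-authentication properties between two parties that already share the key (a true digital signature would use a private/public key pair so that anyone can verify). The key, sender name and payload are constructed for the illustration.

```python
import hashlib
import hmac
import json
import secrets


def _canonical(sender: str, payload: dict) -> bytes:
    """Serialise sender and payload deterministically so both sides hash identical bytes."""
    doc = {"sender": sender, "payload": payload}
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_message(key: bytes, sender: str, payload: dict) -> dict:
    """Attach a tag that binds the sender name and the exact payload to the key."""
    tag = hmac.new(key, _canonical(sender, payload), hashlib.sha256).hexdigest()
    return {"sender": sender, "payload": payload, "tag": tag}


def verify_message(key: bytes, message: dict) -> bool:
    """Recompute the tag and compare in constant time; any change to sender,
    payload or key makes the comparison fail."""
    expected = hmac.new(key, _canonical(message["sender"], message["payload"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, message["tag"])


# Constructed secret; in a real system it is loaded from a protected key store.
SHARED_KEY = secrets.token_bytes(32)


def demo() -> dict:
    """Three constructed cases: an untouched message, one altered in transit,
    and one produced by a party that does not hold the shared key."""
    genuine = sign_message(SHARED_KEY, "billing-service",
                           {"order": 1042, "amount": "99.00"})
    tampered = dict(genuine, payload={"order": 1042, "amount": "9900.00"})
    impostor = sign_message(secrets.token_bytes(32), "billing-service",
                            genuine["payload"])
    return {
        "genuine": verify_message(SHARED_KEY, genuine),
        "tampered": verify_message(SHARED_KEY, tampered),
        "impostor": verify_message(SHARED_KEY, impostor),
    }


if __name__ == "__main__":
    print(demo())  # {'genuine': True, 'tampered': False, 'impostor': False}
```

The canonical serialisation matters: if sender and receiver encoded the JSON differently (key order, whitespace), an unmodified message would fail verification, and the constant-time comparison keeps the tag check itself from leaking information through timing.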
- SSH Keys
SSH keys provide and control access to sensitive resources. The difference is that these means deal with automated processes between machines. These keys secure such procedures as database updates, backups, and system maintenance. They are also widely used for remote administration and data transmission.
- Encrypted hard drives
The above-mentioned means deal with data in transit. When it comes to data in storage, we automatically encrypt it all as a whole on the disk. As a result, no one without granted access can reach this information and read it. There are additional measures as well: the encryption of folders and separate files. Still, full encryption of the hard drive is preferable, though it comes at a cost in performance.
- Using Antivirus
This is also one of the basic means, obligatory for every machine. This software must scan for and detect possible harmful agents hidden in the system. The antivirus software must receive constant updates with information on new threats and how to identify them.
- Private code repositories
The code is the core of every software product, and its protection is the first and highest priority. We keep the code in a private repository that we find reliable and safe. This repository protects it from any damage and from unauthorized access attempts. It also offers many possibilities for managing the code itself.
- Third-party software tests
Many modern products imply integration with third-party services. An additional risk factor appears, as it is hard to guarantee the required security level for someone else's product. Our team uses only community-tested and well-established solutions and works with partners who care about safety on their side. We also test and verify their performance and security ourselves. No third-party solution enters a collaboration without these tests.
- Penetration tests
These are regular tests that we run on our systems to ensure they can resist attack attempts and are secure against all sorts of vulnerabilities and malicious behavior. We initiate such attacks at full capacity to examine how well our servers and software products resist the threats. It also lets us find and fix any weaknesses in the structure. We run penetration tests of both the external and internal types. External penetration tests simulate hostile attempts directed from outside; internal tests check whether unauthorized employees can gain access from within.
- VPN
This is a well-known method of providing network security. It establishes a private channel between our network and the users. This is an encrypted channel, and all information that passes through it is protected from being intercepted by any other parties.
- Private subnets
This often concerns web applications with public interfaces and back-end elements in private subnets. Even if an attacker succeeds in the public subnet, it would be much more problematic to break through to the private subnet, which is much better protected by default.
- Network firewalls
This type of software usually works well in combination with antivirus. The firewall must stop any hacking attempts and block any viruses, worms, and malware agents from breaking through. In some cases, if a threat passes the firewall barrier, the antivirus will detect and isolate it.
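The separation of a public web tier from a private back-end tier described under "Private subnets", and the firewall rules that enforce it, can be checked before anything is deployed. The Python snippet below is an added example, not code from this page or from the company's network: it models a default-deny rule set over a constructed two-subnet layout and evaluates a few constructed connection records against it, which is the same decision a network firewall makes per packet. Addresses, ports and rule names are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AllowRule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: int


# Constructed layout (assumed addresses): the web tier sits in a public subnet,
# the database in a private subnet that has no route from the Internet.
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")
PUBLIC_SUBNET = ipaddress.ip_network("10.0.1.0/24")
PRIVATE_SUBNET = ipaddress.ip_network("10.0.2.0/24")

# Everything not listed here is denied.
ALLOW_RULES = (
    AllowRule("https-to-web-tier", ANYWHERE, PUBLIC_SUBNET, 443),
    AllowRule("web-tier-to-db", PUBLIC_SUBNET, PRIVATE_SUBNET, 5432),
)


def match_rule(src: str, dst: str, port: int):
    """Return the name of the first rule allowing the connection, or None (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in ALLOW_RULES:
        if s in rule.src and d in rule.dst and port == rule.port:
            return rule.name
    return None


def evaluate(records):
    """Apply the rule set to connection records of the form 'src dst port'."""
    verdicts = []
    for line in records:
        src, dst, port = line.split()
        rule = match_rule(src, dst, int(port))
        verdicts.append((line, "ALLOW" if rule else "DENY", rule))
    return verdicts


# Constructed connection attempts, not captured traffic.
SAMPLE_RECORDS = [
    "203.0.113.7 10.0.1.10 443",    # visitor to the web tier
    "203.0.113.7 10.0.2.10 5432",   # visitor straight to the database
    "10.0.1.10 10.0.2.10 5432",     # web tier to the database
    "10.0.1.10 10.0.2.10 22",       # web tier trying SSH into the database host
    "203.0.113.7 10.0.1.10 22",     # visitor trying SSH into the web tier
]


if __name__ == "__main__":
    for line, verdict, rule in evaluate(SAMPLE_RECORDS):
        print(f"{verdict:5} {line:28} {rule or '-'}")
```

The point of the layout is visible in the second and fourth records: the database is unreachable from the Internet regardless of port, and even the web tier can only open the one port the application needs, so a compromised public host does not automatically become a foothold on the private subnet.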
The best way to ensure the appropriate security level is to use all available means of protection at once, if the type of data requires and allows this practice.
All security means come with certain disadvantages in terms of overhead or performance losses that need to be considered. They should supplement each other at every stage to protect the data and the connection. We value the safety of our products and services and apply the available means to guarantee their confidentiality, integrity, and availability.