Data integrity is best defined as the accuracy, consistency and reliability of data in transit and at rest. Quality data adheres to a number of standards, beginning with confidentiality, integrity and availability (CIA). Commonly known as the CIA triad, any organization that processes the private data of consumers needs to be mindful of the concept.
Maintaining data integrity goes hand in hand with data security, which involves keeping data safe from breaches. Data integrity is a means to keep the data accurate for use. Intent (deliberate) and accident (un-intentional) actions each influence what can go sideways with data integrity. Users of raw data may refine the data and/or place it in a format that is suitable for further analysis or use. Informed decision making walks a fine line between maintaining data integrity, while allowing enough mutability to address business needs.
CIA Triad As it Relates to Data Integrity and Security
- Confidentiality – private or sensitive data is restricted for use, so only those who need access and viewing
- Integrity – data is kept free of tampering, unintended or unauthorized changes as organizations to make sure it is kept accurate, reliable and correct.
- Availability – data must be kept available for authorized users immediately upon request, especially for customers.
Other Expectations for Data Use As Per Integrity
Data is expected to meet certain levels of quality in order to be usable. The following qualities can be used as a measure:
- Attributable – Data should clearly indicate who observed and recorded the data, timestamped with details of who or what it is about
- Accessible – Data should be easy to interpret, with versions – including original ones – recorded in a permanent, secure place free from tampering.
- Original – In case users need to revert to previous versions, an original version should be made available
- Accurate – Data should be as error free as possible and provide the information as intended by the user. Input or record data as it was observed, and at the time it was executed.
Types of Data Integrity Compromises
In any type of organization, data can be processed in a number of ways, including, but not limited to transferring, replicating, compressing and storing. During any of these processes, requirements must be set to make sure the data is as intact and unmodified as possible. If the data is accessed by someone, s/he can tamper with it, or grant unrestricted access to others, potentially causing serious harm to the data.
Not only can data integrity be compromised, data integrity can be put at risk due to several factors, including human error, bugs and viruses, hardware errors (e.g. disc drive errors) and transfer errors.
Causes of Data Integrity Compromise
One of the most basic data integrity threats is human error, such as entering information incorrectly, duplicating data, or unintentionally deleting data. Humans may also not follow the correct guidelines – either for data management or security. Transfer errors occur when data doesn’t successfully occur from one table (source) to another (relational).
Cybercrime at the hands of malicious actors may also occur. There are multiple forms of bugs and viruses that bad actors can use to target data, such as malware, ransomware and spyware. Once inside, bad actors can access restricted data objects along the attack surface, cause more damage or put it in the hands of the wrong people.
How to Protect Data Integrity
Protecting data integrity will help organization to achieve stability, performance and reusability. Security controls tend to be implemented based on vulnerabilities that are viewed in light of the CIA triad. Development teams should implement quality controls that can be assured by implementing a DevSecOps program, which ensures that data is processed using a combination of people, processes and technology.
Programmers typically use error checking methods and validation procedures to ensure the integrity of data that is transferred or reproduced without intending to alter it. The following are methods typically used to ensure data integrity.
Keep Physical Parameters Secure
Data integrity extends to the physical computing devices that store data from which users can retrieve it. Hardware and other physical devices can be subject to compromise, such as natural disasters, power outage a data breach (either inside or outside job). If the physical integrity is compromised, access to accurate, reliable data is compromised.
Ensure consistent change management, service management, and system continuity by securing your physical parameters. Continuous development can go uninterrupted for longer stretches while systems remain supported.
Keep Database Processes Consistent and Accurate
Data integrity also extends to the databases that store and process data. There is a handful of ways to manage database security, all based around integrity:
Entity integrity – databases should only contain the information that is necessary and not more than needed. If possible, there should be no data repetition and no null values.
Referential integrity – foreign keys (table key tied to a primary key on another table) and primary keys (unique identifying key), should always be consistent across databases in keeping database relationships consistent.
Domain integrity – standardizing the way that data is input will help to ensure consistency across databases. Data users will want to determine what data is in scope, how the data will be recorded (including field values) and more.
Audit data trails
ID, date and time stamp, changes to data. Ensure accurate data ownership is clear, trustworthiness of electronic records, ensure that records do not get modified without permission. Make sure records are not improperly handled, e.g. modified or deleted.
Restrict data and database access
The principal of “least privilege” should apply, so that users that access a database are limited to accessing data and resources on an “as needed” basis. Maintain strict password restrictions, including multiple authentication layers.
Have a data backup and restore plan in place
In the case of a system outage, application error or data loss. We recommend implementing a data backup and restore strategy. Recovery and reconstruction of lost data files can occur more seamlessly with a backup, which will help to protect data integrity of recovered files.
Other ways to protect data integrity within your organization include training on data use and maintenance, and conducting internal audits on the state and condition of data.
ThreatModel to Ensure Data Integrity
Threat modeling can help an organization to prevent inconsistencies or errors in data handling, while preventing liabilities that may occur. Threat modeling helps organizations to better understand their attack surface, and the performance of their data storage. ThreatModeler has taken the guesswork – plus a slew of other challenges – out of the equation with its innovative, automated platform.
ThreatModeler enables security teams to build threat models out of the box with content libraries that pull updated content from credible resources including OWASP, CAPEC, the NVD, AWS and Azure. To learn how ThreatModeler can help your organization to achieve data with security and integrity, schedule a live demo. You can also contact us to speak with a threat modeling expert.