Data Security - DeveloPassion

# Data Security Data security encompasses the practices, technologies, and policies that protect digital information from unauthorized access, corruption, or theft throughout its lifecycle. The CIA triad—Confidentiality, Integrity, and Availability—forms the foundation: data should only be accessible to authorized users (confidentiality), remain accurate and unaltered (integrity), and be available when needed (availability). As more personal and business data moves online, security breaches have become common, making data security essential for individuals and organizations alike. For personal data, security involves encryption (at rest and in transit), strong authentication (passwords, 2FA, passkeys), secure backups, and awareness of threats like phishing and malware. [[Local-First Software]] and [[Offline-First]] approaches can enhance security by reducing attack surface—data stored locally isn't exposed to cloud breaches. End-to-end encryption ensures only you can read your data. The principle of least privilege, regular updates, and defense in depth (multiple layers) are core strategies. Data security connects to [[Data Ownership]]—you can't truly own data you can't protect. ## The CIA Triad ``` ┌─────────────────────────────────────────────────────────────┐ │ THE CIA TRIAD │ │ (Information Security Foundation) │ ├─────────────────────────────────────────────────────────────┤ │ │ │ CONFIDENTIALITY │ │ ┌─────────────┐ │ │ │ Only │ │ │ │ authorized │ │ │ │ access │ │ │ └──────┬──────┘ │ │ │ │ │ ┌────────────┼────────────┐ │ │ │ │ │ │ │ ▼ │ ▼ │ │ ┌─────────────┐ │ ┌─────────────┐ │ │ │ INTEGRITY │ │ │AVAILABILITY │ │ │ │ │◄────┴────►│ │ │ │ │ Data is │ │ Accessible │ │ │ │ accurate, │ │ when │ │ │ │ unaltered │ │ needed │ │ │ └─────────────┘ └─────────────┘ │ │ │ └─────────────────────────────────────────────────────────────┘ ``` ## Security Layers | Layer | Description | |-------|-------------| | **Physical** | Device security, locks, biometrics | | **Network** | Firewalls, VPN, secure Wi-Fi | | **Application** | Secure software, updates | | **Data** | Encryption, access controls | | **User** | Passwords, 2FA, awareness | ## Key Concepts | Concept | Description | |---------|-------------| | **Encryption at rest** | Data encrypted when stored | | **Encryption in transit** | Data encrypted during transfer (TLS) | | **End-to-end encryption** | Only sender/receiver can read | | **Zero-knowledge** | Provider can't access your data | | **2FA/MFA** | Multiple authentication factors | | **Principle of least privilege** | Minimal necessary access | ## Common Threats | Threat | Description | |--------|-------------| | **Phishing** | Fake emails/sites stealing credentials | | **Malware** | Viruses, ransomware, spyware | | **Data breaches** | Unauthorized access to databases | | **Man-in-the-middle** | Intercepting communications | | **Social engineering** | Manipulating people for access | | **Insider threats** | Malicious employees | ## Personal Security Practices | Practice | Description | |----------|-------------| | **Unique passwords** | Different password per service | | **Password manager** | Bitwarden, 1Password, KeePass | | **2FA everywhere** | TOTP apps, hardware keys | | **Regular backups** | 3-2-1 rule (3 copies, 2 media, 1 offsite) | | **Software updates** | Patch vulnerabilities promptly | | **Encryption** | Full disk, sensitive files | | **VPN on public Wi-Fi** | Protect network traffic | ## Encryption Types | Type | Use Case | |------|----------| | **AES-256** | File/disk encryption | | **RSA** | Key exchange, signatures | | **TLS/SSL** | Web traffic (HTTPS) | | **PGP/GPG** | Email encryption | | **Signal Protocol** | Messaging (E2E) | ## Security vs Convenience Trade-offs | More Secure | More Convenient | |-------------|-----------------| | Local storage | Cloud sync | | Complex passwords | Simple passwords | | 2FA required | Single sign-on | | Manual backups | Automatic cloud | | Air-gapped systems | Always connected | ## Local-First Security Benefits | Benefit | Description | |---------|-------------| | **Reduced attack surface** | No cloud server to breach | | **No third-party access** | Provider can't see data | | **Works offline** | No network vulnerabilities | | **You control encryption** | Keys never leave device | ## References - https://www.owasp.org/ (Web security) - https://www.nist.gov/cybersecurity (Standards) - https://haveibeenpwned.com/ (Breach checking) ## Related - [[Data Ownership]] - [[Local-First Software]] - [[Offline-First]] - [[Encryption]] - [[Backup Strategies]]