Written By: Nick Kelley, Application Developer
How to Approach Data Security
When most people think of security in relation to IT, they tend to imagine rooms full of hardware and cables, with a person staring at a bank of camera screens while someone dressed in all black plugs into the ‘system’ and siphons off information. While this makes sense for a work of fiction, there is a whole other side to security that is just as important: data security. The validity of the data itself also needs to be protected programmatically through a combination of user validation, data validation and error handling. Below are just a few ways to approach data security from an application perspective.
User validation in an IT environment boils down to who you are and what you can do. Well-written programs store and present both of these credentials in such a way that they are kept safe from other programs or entities through a combination of encryption and validation checks. Ensuring that usernames and passwords are kept obscured from the ‘outside world’ is a crucial step in safeguarding your systems from those who are not meant to see them.
Data validation goes much deeper than ensuring that a word is not stored where a date should be. Ensuring that all points of data entry are protected from malicious input is of the utmost importance. There is a story of a website that allowed high school students to input their own senior quotes for the yearbook. One savvy student worded his quote in such a way that the system interpreted it as a command to delete the entire student table from the database, and all data was lost. Preventing this type of attack, called SQL injection, is something that needs to be at the forefront of any programmer or developer’s mind as they are writing any kind of software that deals with user input.
Error handling is the backbone of any program worth its salt. In the rare instance that an error does occur, it is critical that no system-specific information is made available to the end user. This prevents the data source’s integrity from being compromised, allows for a quick and seamless recovery from issues, and helps guarantee that your environment is as secure and stable as possible.
While we all like to think that security is something that only relates to outside entities and those with mal-aligned intentions, it goes much deeper than that. You must also take into account situations where information that was not intended for an unsecured environment is put into one, as well as scenarios where simple user errors can lead to severe problems for the validity of your information and data. These issues can be addressed in a programmatic way that serves to bolster the hardware security that is already in place. By addressing both of these areas of concern, you can make certain that your data and IT environment are as secure as possible.
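The following added example, which is not code from the original post, shows the data validation and error handling points above using Python's standard sqlite3 module. The table layout, the `save_quote` function, the length limit and the sample quote are assumptions constructed for illustration.

```python
import logging
import sqlite3
import uuid

log = logging.getLogger("yearbook")  # hypothetical application logger
MAX_QUOTE_LEN = 200                  # assumed limit for this example


def make_db():
    """Constructed in-memory database with a single students table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE students "
        "(id INTEGER PRIMARY KEY, name TEXT NOT NULL, quote TEXT)"
    )
    db.execute("INSERT INTO students (id, name) VALUES (1, 'Sample Student')")
    db.commit()
    return db


def save_quote(db, student_id, quote):
    """Store a senior quote. Returns (ok, message shown to the end user)."""
    # Data validation: reject wrong types and out-of-range lengths up front.
    if not isinstance(student_id, int) or not isinstance(quote, str):
        return False, "Invalid input."
    if not 0 < len(quote.strip()) <= MAX_QUOTE_LEN:
        return False, f"Quote must be 1-{MAX_QUOTE_LEN} characters."
    try:
        # The ? placeholders bind the quote as a value, so it is never
        # parsed as SQL no matter what characters it contains.
        cur = db.execute(
            "UPDATE students SET quote = ? WHERE id = ?", (quote, student_id)
        )
        db.commit()
    except sqlite3.Error:
        # Error handling: details go to the server-side log only; the end
        # user sees a generic message plus a reference id for support.
        ref = uuid.uuid4().hex[:8]
        log.exception("save_quote failed (ref %s)", ref)
        db.rollback()
        return False, f"Something went wrong. Reference: {ref}"
    if cur.rowcount == 0:
        return False, "Student not found."
    return True, "Quote saved."


if __name__ == "__main__":
    db = make_db()
    # Constructed sample input containing SQL syntax; it is stored as text.
    print(save_quote(db, 1, "Robert'); DROP TABLE students;--"))
    print(db.execute("SELECT quote FROM students").fetchall())
```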