Protecting data is a major concern of organizations today. With so many people sharing so much about themselves online organizations must be careful and aware of ways to secure the data that they have. In this post, we will look at two different security models that are commonly deployed today. These two models are the CIA Triad and the DIE model. Either of these models is commonly used when developing a data governance plan for an organization.

CIA Triad

There are several different models used by organizations to examine data privacy. One example is the CIA triad. The CIA triad provides 3 concepts that must be kept in mind when attempting to protect the privacy of users.

“C” stands for confidentiality, in other words, organizations must be sure that the data they have cannot be accessed by others. The “I” stands for integrity. Integrity involves ensuring that data is not altered or changed without authorization. If the data is manipulated without user knowledge any insights derived from the data would be considered questionable.

The last letter in the CIA triad is “A.” The letter “A” stands for availability. Availability means that the data system is operational and can access the data. In other words, the security system cannot be so complex that nobody can get the data that is being protected.

DIE Model

Another security model that is commonly is the DIE model. DIE stands for distributed, immutable, and ephemeral. Distributed means that data should not be limited to one source in case of failures. For example, having multiple copies of data in multiple sources.

The “I” in DIE stands for immutable. Immutable in this context means that the infrastructure being used is replaceable without data loss whenever there is a problem. Again this relates to the idea of having multiple sources of the same data. Lastly, the “E” in DIE stands for ephemeral. Ephemeral means that if there is a data problem that it does not take a long time to get back up and running in the event of a data failure or breach.

Compare and Contrast

There are some similarities and differences between the CIA triad and DIE. Both are focused on data being available. For the CIA this is the “A” and for DIE this is the “I.” In addition, both models are focused on protecting data in terms of preventing changes and this is covered in the letter “I” in both models.

However, there are also some differences. The DIE model is considered much more scalable than the CIA triad. As such, smaller organizations may lean towards the CIA triad while larger organizations may lean towards the DIE model. Furthermore, DIE is focused on hardware and infrastructure while CIA is more data-focused.

Conclusion

Every model has its strengths and weaknesses. The best model depends on the needs of the organization. In either case, the CIA Triad or the DIE model can guide an organization that is looking for a roadmap for securing its data.