Introduction
The field of information technology has been faced with many challenges in its development. However, the security of data is arguably the main challenge in the whole industry. Every new product has to include an aspect of security to attract customers. This paper looks at the security of data in information technology areas to form an opinion on the state of affairs in that department of the industry. The ability of a programmer to come up with a foolproof system is thus a basic requirement in system development. However, the security of data zeros down to the data that is either in transit or at rest.
Major challenges in the security of data
The main challenges of the security of data as mentioned above are the data in transit and data at rest. For data at rest, the main security issues are the ability of an outside source to tamper with the information or even to access the information. The data contained in the databases of various companies include very confidential data that can lead to competitors’ advantages once exposed. Also, the key decisions of the board may be contained in the databanks of an organization. These data once exposed makes the company vulnerable to the malicious traits of the competitors.
As for data in transit, the company has to be certain that it reaches that intended destination. The capability of data was hacked and interfered with puts the company at risk of sending wrong data which could eventually lead to a court case. The company thus had to secure such data. Information about uncompleted contracts and tenders that is in transit should also be secured, the company should ensure that the data that is incomplete remains confidential otherwise another interested individual may get the information and place better bids at the expense of the company.
It is noted worth that the persons at both ends of communication are supposed to have high level of integrity. Leaking of the information about the security models used puts the firm at risk of hackers and black boxes. A hacker interrupts data in transit while a black box uses the data in transit
Programming languages
Data in computer computerized gadgets are presented in English or other languages. However, in the storage space, the data is stored in bytes. These are digital characters that represent the information that the user has stored. The programming languages come in generations and are common. Firms worldwide can be able to understand the information that is stored in orthodox programming languages. This brings about the need to change data, especially data in transit into a format that can only be understood by the authorized sources (Martin, 2008, p 89). The programming languages go in generations. The most recent generation is always preferred to be safer than the previous generations.
Compilers
In the development of safe languages, there is a need to transform the data that the user as from the low-level languages. High-level languages are more secure than low-level languages. The component of the computer that performs this task is the compiler. The compiler is able to read the data in a language, translate it into another language without changing the meaning and compromising the security of the data. The main purpose of a compiler is to develop a new system. However, to develop a secure system, a cross compiler is used. A cross compiler develops systems that can be used on different platforms other than the one that the compiler uses (Shearman, 2006, p65).
Coding of data can be done from various terminals. The ability of a hacker to encode the data using his compiler is the basic failure of a compiler. The programming language of the person making a program should always be updated so as to reflect the current changes in the market.
Encryption
Encryption is the term used in cryptography to refer to the act of transforming a plain text into ciphertext. A plain text is a text that can be read and understood by any user while a ciphertext is an information that can only be understood by the authorized sources. This mode of security is used for both data in transit and data at rest. The method was initially being used by military and security organs in maintaining their secrets. However, encryption has gained popularity and is being used by many civil bodies in securing data in their websites, in transit and also in their remote computers (Giesl, Hahnle, 2010, p94).
The process of transforming data back into a readable format is known as decryption. The person decrypting data has to have the authority to do so which is known as the key. Some encryption uses the same key at source and destinations while others use different keys at the source and at the destination. The use of different keys is usually considered to be safer as parties from both sides of the transit cannot collude as none knows the key used by the other persons (Schumann, 2001, p25).
The encryption of data is categorized according to the level of the program that is used in encrypting and the compiler that has been used in encrypting. The higher the level of language used the safer the encryption. It should also be understood that the recipient computer should have the relevant language to un-code / decrypt the data.
Recaptcha
The field of research and study has been made easier by the availability of online libraries where a person can be able to research different topics from office or home. These facilities have for a long time been vulnerable to unauthorized entry and access of data without the libraries benefiting from the information that they have stored in their online libraries. This led to Carbligie Mellon University coming up with a way to digitize books so that the persons who have access to the information contained in the libraries are only the ones that have the right to do so. Usually, the libraries allow access to persons who have paid the subscription fees. This format has been adopted by almost all online libraries. The digitizing of books has thus become safer. The keys that are used to allow entry into the sources change from time to time and this is to ensure that the persons who default in paying their subscription fees do not continue enjoying the benefits of using the libraries (Won, Kim, 2006, p 400).
This technology has also been used widely by other online users apart from the libraries. Common interactive sites like Facebook and Twitter always use this technology to verify the users of the site. The users are required to type a certain word to certify their use of the site. Also the technology was 2009 adopted by Google one of the greatest web browsers, the company uses the technology while registering new users to its systems.
Algorithmic tamper-proof
The tradition of data security has been the alienation of danger from those persons that have the information about the authorized users’ data like keys and passwords. However, it has been noted that other malicious persons commonly referred to as hackers can use computer functions refers to f to change the original key sk into another key f(sk) which can be used in decoding decrypting, or accessing secured data. Algorithmic tamper-proof comes in to cater for this. The program ensures that hackers and other unauthorized users are not able to come up with a new key. This is done by making sure that the initial key sk is not accessed (Levene, 2010, p 256).
The use of binary codes for data in transit has thus been alienated from unauthorized interference. The inability of the hackers and black boxes to access the initial key sk has been the major backing of the program. This security model is common in departmental communication and cross-company communication.
Non-repudiation
All the above-mentioned modes of security may have degrees of inefficiency however low. This means that even algorithmic tamper-proof can be tampered with by the man in the middle. The tempering gives rise to a need to verify that the data that reaches destination is the one that was originally sent by the sender. In this regard, the recipient of electronic data has to possess a verification mode of the data that he or she receives. This is known as non-repudiation (Fadia, 2009, p322).
Generally, the term refers to the ability of a person to deny information once he or she has appended his or her signature. Similarly in cryptography, the sender cannot denounce the validity of data once the recipient has certified that the data received is authentic. Non-repudiation is the commonly used method of certifying euthenics (Aho, 2007, p213).
Usually, it is the sender who notifies the recipient of the key to use to verify that the data received has not been tampered with along the way. The recipient banking on the key puts that data through a test. The sender thus cannot claim that the data is not the one that had been sent once the test had been passed.
This mode is not applicable to open-ended data. The invitation to tender and advertisement for positions that are done online to the general community cannot be coded otherwise it would beat the logic. Thus the persons sending this information should be keen not to include unnecessary data and data which can lead to the loss of the secrets of the company. This also applies to home sites of many companies. This is where the general information about the company is placed. The deliberation on what information to place in such sites should be guided by the risk that the exposure of such information carries.
Security proofs
A security proof is a procedure used to verify that the mode of security used cannot be tampered with. The theory behind the security of data is the inability of unauthorized sources from solving the problem that is created by the security. The dangers that are posed by unauthorized persons are referred to as black boxes. The hard it is for a black box to solve the problem the safer the mode of security is considered. It is vital for any firm or individual who wants to secure data to run security proof as to the programs that he or she is prospecting to use in securing data (Miller, 2009, p 56).
The security proofs can be carried out at various stages. One the sender of the information should carry out a security proof to ascertain him or her that the information shall reach the destination un-tampered. This should be done with the best programming language. Also the sender should communicate the key that the recipient should use so as to confirm that the sent data is the received data. This communication should also be foolproof. The data received by the recipient should be put through a test as directed by the sender.
Also, the data at the databases should be periodically checked. This is to ascertain that there has neither been unauthorized entry nor changes that have been made. It is vital to change the keys and passwords once a test has been made. This is to block the black boxes that may take advantage of the time immediately after the checks to carry out their vices.
Conclusion
The topic of data security is broad and may not be exhausted thoroughly in the unlimited space. However, the above-mentioned ways have been used by different organs with satisfactory success. As noted in the paper, there is yet to be made a program that is tamper-proof. The more the security is enhanced the better the black boxes become. Thus any user should use the newest security measure for both transit data and data at rest to ensure that data security is enhanced.
Apart from the above-mentioned methods of securing data, many firms have come up with several other ways. However, the modes that have been discussed in this paper are commonly used and have been proved to work. It is recommended that every company or user of information technology measure the importance of the information before deciding the security mode to use. Also, the risk that is involved in consideration. The financial input in the whole security process should be comparable to the financial income of the company and also the risk evaded by the institution of the security measures.
References
Aho, A. 2007. Compilers: principles, techniques, & tools. London: Sage
Fadia, A., 2009. Encryption: Protecting Your Data. London: Sage
Giesl, J., Hahnle, R., 2010. Automated Reasoning. London: Sage
Levene, M., 2010. An Introduction to Search Engines and Web Navigation. New York. : Springer.
Martin, L., 2008. Introduction to identity-based encryption. New York: Artech House
Miller, J., 2009. Compilers: A Practical Approach. New Jersey: Clark Group
Shearman, J., 2006. Information technology.. New York: Artech House
Schumann, J., 2001. Automated theorem proving in software engineering. New York: Artech House
Won, D., Kim, S., 2006. Information security and cryptology: ICISC 2005. New York. : Springer.