The Security Evangelist, Lesson III: Integrity

In this post, I am going to talk about integrity.

When talking about security, integrity is one of those factors that most people take for granted. At its most basic level, integrity is about making sure that the data you put somewhere is exactly what you get out, that it has not been corrupted or modified in any sense.

For individuals, this means that the data must be kept exactly as you put it in. You do not want the data to become corrupted, accidentally deleted or lost. Nobody wants to lose those really cute pictures of their baby or their honeymoon, or to realize that the 10 hours they spent updating a CV have been wasted because the document is corrupt.

In a business setting, there are multiple types of data, they may have different levels of importance, but it is critical that the integrity is maintained on all of them. It is important that the file data doesn’t get modified inadvertently or by unauthorized users, but also that any modifications to the file’s content are known and understood.

There is also a need to prove that integrity has been maintained at all times, with strict requirements for compliance or auditing purposes.

Integrity can be compromised in multiple ways, which may be malicious or not. Some of the typical ones are:

- Internal 

  • People accidentally modify or delete data
  • Misconfiguration allows modification of data by unauthorized personnel
  • Lack of logging and monitoring prevents the company from proving that the data has not been modified
  • Lack of logging prevent the identification of change authors
  • Sharing of credentials prevent determining who is responsible for modification
  • Software bugs cause data corruption

- External

  • Attackers modify customer or critical data
  • Misconfiguration enables attackers to modify confidential information
  • Human error causes confidential data to be corrupted

The three main ways of ensuring data integrity are:

  1. Restricting access to the data
  2. Identification of all the changes and who made them
  3. Being able to verify all changes applied to a set of data against a known baseline

As usual with security, it is not enough to set and enforce a static set of rules, you should continuously review them, monitor for unauthorized access and verify that the audit log contains enough accurate information.

A safe assumption to make is that you lose control of data once it leaves your system. If you want to ensure that you can verify the data you receive from external actors, you have to check anything they send you against the original document that you sent out. Workshare Comparison Edition enables you to get a clear overview of everything that has been changed between two versions of a document, no matter how it is sent or received. And, with the Sharing Edition you get full access to compare any two versions of an existing document history and a full audit log on who accesses a document or uploads new versions.

In the next post, we will talk about how you can prove whether data integrity has been compromised.