Data Security is the process of protecting a document, private data, financial data, etc., whether it lives in a file or in a database. For instance, many accountants and lawyers won’t email you documents unless they can password-protect them or send them through a secure link to a protected file that only a few people have permission to access. Or a screen may mask all but the last 4 digits of your SSN so it cannot be seen. In essence, that is one level of security: securing the data itself by masking or controlling access.
Data Layer Security is the practice of protecting your data at every level where the data sits. One level is the building in which it resides, the room, the hardware, and the firewall software that surrounds it. Then you have the data containers (database, tables, columns), the GUI, and the at-rest and in-transit processes. These are all states where you need to protect your data.
Data Layer Security is the construction of a fortress with many ways to protect the data. For instance, first you build the fort, the container for the data, which looks and is formidable. Then you add a firewall and control all access points to keep the less talented hackers away. You can control access to the fort with a drawbridge or by setting up identification processes: you must say your name and password. But someone could swim the moat, fake the name and password, and still get into the fortress. Is the vault accessible? If you encrypt the storage facility and then encrypt the treasure itself, the vault is hidden and the treasure within is unusable. If you set up protections, tracking, and backups for what you hold dear to your company, you can protect that data vault. Don’t forget about roles, access, and ownership. You don’t want to give everyone the ability to rebuild or destroy your fortress, and you do want to track who made what changes and when. Not all data corruption, breaches, or mishandling comes from outside attacks. Sometimes they are caused by human error, or by the departure of a person who had ownership of everything, so that now no one knows what is going on. There are so many things to consider when protecting data. It starts with the building but ends in the tiniest of details.
In my mind, you want to build the fortress, and you want the drawbridge and the moat, but if someone makes their way in, you need to ensure you protect the data at every view level. Make certain that more than one trustworthy person holds the keys, but control each person’s access through roles and tracking. In this business, DTA (don’t trust anyone (completely)), because every person is human, and any person can leave. So, protect with gates, doors, and walls, but also look at all of the ways you could be locked out of your environment.
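
The masking, roles, ownership, and tracking points above can be combined at the database layer. The following is an added example, not part of the original article: it assumes PostgreSQL 11 or later, a superuser running the script, and hypothetical names for every role, table, and column.

```sql
-- Constructed schema: every role, table and column name here is hypothetical.
-- Ownership sits with a group role, not one person, so a departure locks nobody out.
CREATE ROLE data_owners NOLOGIN;
CREATE ROLE support_staff NOLOGIN;

CREATE TABLE clients (
    client_id integer PRIMARY KEY,
    full_name text NOT NULL,
    ssn       text NOT NULL CHECK (ssn ~ '^[0-9]{3}-[0-9]{2}-[0-9]{4}$')
);
ALTER TABLE clients OWNER TO data_owners;

-- Masking layer: the view exposes only the last 4 digits of the SSN.
CREATE VIEW clients_masked AS
SELECT client_id, full_name, 'XXX-XX-' || right(ssn, 4) AS ssn_masked
FROM clients;
ALTER VIEW clients_masked OWNER TO data_owners;

-- Access layer: support staff can read the masked view, never the base table.
REVOKE ALL ON clients, clients_masked FROM PUBLIC;
GRANT SELECT ON clients_masked TO support_staff;

-- Tracking layer: who changed which row, and when.
CREATE TABLE clients_audit (
    changed_at timestamptz NOT NULL DEFAULT now(),
    changed_by text        NOT NULL DEFAULT session_user,
    action     text        NOT NULL,
    client_id  integer     NOT NULL
);
ALTER TABLE clients_audit OWNER TO data_owners;

-- SECURITY DEFINER: writers need no direct privilege on clients_audit.
-- search_path is pinned (assumes the tables live in schema public).
CREATE FUNCTION log_client_change() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER SET search_path = public, pg_temp AS $$
BEGIN
    IF TG_OP = 'DELETE' THEN
        INSERT INTO clients_audit (action, client_id) VALUES (TG_OP, OLD.client_id);
    ELSE
        INSERT INTO clients_audit (action, client_id) VALUES (TG_OP, NEW.client_id);
    END IF;
    RETURN NULL;  -- return value is ignored for AFTER row triggers
END;
$$;
ALTER FUNCTION log_client_change() OWNER TO data_owners;

CREATE TRIGGER clients_audit_trg
AFTER INSERT OR UPDATE OR DELETE ON clients
FOR EACH ROW EXECUTE FUNCTION log_client_change();
```

Granting membership in `data_owners` to at least two named logins keeps more than one person holding the keys, while day-to-day users stay on roles like `support_staff`.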