Data Protection general practices

Data Protection Layers:
- Application
- Database
- File System

Operation Cost Factors:
- Performance
- Storage: data storage requirements
- Security
- Transparency: change to applications, and supports to utilities.

Data Protection options:
- Clear: actual value

- Hash: unreadable, not reversible
keyed hash(HMAC) provides strong protection
Considerations: key rotation

- Encryption: unreadable, reversible
Considerations: storage type, transparency to applications, key rotation

- Format controlling encryption: unreadable, reversible
Considerations: key rotation.

- Replacement(tokens): unreadable, reversible
Proxy value created to replace original data.
Considertations: transparency for applications needing original data.

Continuous data protection:
- Automatically save a copy of every change made to the data. It allows the user or administrator to restore data to any point in time.

- Advantage: Most continuous data protection solutions save byte or block-level differences rather than file-level differences. So if the portion of write data is small, save only the write changes will require less space on backup media.

- Cost: introduce extra disk write operations and continuous network usage.