This literature review examines strategies for achieving Confidentiality, Integrity, and Availability (the CIA triad) within shared centralized data processing environments. The paper traces the historical development of centralized data processing from the 1950s onward, defines each component of the CIA triad, and identifies the primary security vulnerabilities inherent to shared systems — including hardware and software weaknesses, network threats, active and passive infiltration, and cloud computing risks. Drawing on sources ranging from Stallings and Whitman to NIST guidelines and cloud computing literature, the review also outlines recommended security protocols such as risk assessment, physical security measures, encryption, and monitoring of communication points to help organizations protect their information assets.
In a contemporary business environment, shared centralized data processing has become a critical requirement for modern data management. The centralized shared processing environment allows multiple companies to process large quantities of data remotely within a short period. In other words, a centralized data processing system is a strategy in which data processing is performed by a single computer or a cluster of coupled computers, and all data processing operations are carried out through a central computer system. Klausm et al. (2007) argue that centralized processing operations began in the 1950s. From the 1960s onward, many companies used centralized computer systems to connect their headquarters and branch office systems. Between the 1980s and 1990s, there was a proliferation of LANs (Local Area Networks) and personal computers, enabling organizations to share data with employees within a single location.
The rapid development of information technology has produced high volumes of data, giving business agents the opportunity to process data in real time and access a shared repository of information systems. Business organizations with similar services have taken advantage of the internet and the development of information systems to implement centralized shared data processing. Some of the transaction processing facility systems that have leveraged centralized shared data processing include hotel reservation systems, credit verification and authorization, electronic fund transfer, communication transaction routing, and loan payment processing. The centralized shared data processing system is thus able to provide responsive data processing solutions for many organizations.
The complexity of information requirements in the contemporary business environment is driving an increasing number of organizations to implement shared and centralized data processing strategies. Distributing information over a network requires the interconnection of multiple sites. In the centralized data processing environment, one machine controls access to files and updates, and the centralized system responds to organizational needs with respect to programs and data. In a purely centralized data processing model, all organizational data reside in a centralized data center, including shared files, domain authentication services, applications, and email. The benefits of centralized shared data processing include lower operational costs and capital expenditure, less administrative overhead, and reduced backup complexity. A centralized model also provides an efficient processing environment.
Despite these benefits, a major concern is security. Achieving the CIA triad (Confidentiality, Integrity, and Availability) is becoming increasingly challenging for organizations operating within a shared centralized data processing environment, and designing an information security system capable of safeguarding organizational data presents a significant challenge. Dongarra (2012) notes that a centralized shared computer system is a high-performance machine with shared-memory systems containing multiple CPUs (central processing units). Choi, Chun, Kim et al. (2013) argue that forgery is the major security concern of centralized shared data processing: since all data exist in digital form, data can be created, manipulated, and modified in many ways, and a sophisticated attacker can easily modify or forge data in transit, exposing it to serious threats.
Ernst & Young (2014) support this argument by noting that a centralized shared data processing approach presents both opportunities and risks. The centralized approach can provide greater data processing efficiency at lower costs; however, organizations face the risk of losing their data if effective data security is not implemented. Olivier (2010) further argues that implementing effective data privacy is one of the major challenges within a shared centralized data processing environment, but that an effective security system can be achieved by balancing privacy with confidentiality, integrity, and availability. In other words, organizations are required to design effective information security frameworks that enhance the confidentiality, integrity, and availability of their data.
Several reasons motivated this literature review of strategies for achieving Confidentiality, Integrity, and Availability within a shared centralized data processing environment. First, the research results will advance the current state of knowledge among business managers across the United States and globally. In the contemporary business environment, organizations are increasingly facing security threats that cause losses of data worth billions of dollars. The findings will assist business managers in understanding the inherent security risks associated with the design of centralized shared data processing systems and the strategies they can employ to enhance the CIA triad within their data centers.
The research also has implications for government agencies, as an increasing number of governments use centralized data processing centers to share data across multiple agencies. The study will therefore enhance governments' understanding of strategies for integrating security systems within their centralized data processing centers. Additionally, the research will benefit the academic community by exploring how business organizations and researchers can achieve Confidentiality, Integrity, and Availability within shared centralized data processing environments. In the United States, a growing number of companies use centralized data processing to lower IT investment costs, yet the literature addressing specific strategies for achieving the CIA triad in these environments remains sparse. This study attempts to fill that gap and contribute to the broader body of knowledge on the subject.
Information security refers to the protection of an organization's significant information assets. Confidentiality, integrity, and availability are the most crucial aspects of information security. Andress (2011) argues that the CIA triad is one of the oldest methods of information security and is used for Information Assurance (IA). The CIA concepts represent the fundamental security objectives for centralized shared data processing systems and are designed to assist organizations in enhancing information assurance. It is critical to understand that the loss of any element of the CIA triad can have both moderate and severe impacts on business organizations — for example, a loss of CIA can lead to data loss, which may seriously affect organizational operations and assets, including significant degradation of organizational vision and mission and loss of major financial assets.
Stallings (2011) supports this view by noting that the heart of computer security is Confidentiality, Integrity, and Availability. Confidentiality refers to the necessary steps an organization takes to prevent the unlawful release of information assets and is synonymous with privacy. Haughn and Gibilisco (2014) define confidentiality as a set of rules that limits people's access to information. In practice, organizations take concrete measures to ensure that sensitive information does not reach unauthorized individuals while ensuring that authorized individuals can access the information they need. Ballad, Ballad, and Banks (2010) describe confidentiality as the principle that information must only be copied or accessed by individuals who have the right to do so. A confidentiality breach occurs when an unauthorized individual gains access to sensitive information — for example, when hardware or a laptop containing sensitive information is stolen. Stallings (2011) also incorporates the concept of privacy within confidentiality, referring to the "assurance of individuals' control or influence over what information related to them may be collected and stored, and by whom and to whom that information may be disclosed" (Stallings, 2011, p. 4).
The concept of integrity refers to the assurance that information is accurate and trustworthy and that it is accessed only by authorized parties. Andress (2011) describes integrity as the ability to prevent data from being changed in an undesirable or unauthorized manner. A breach of integrity occurs when there is an unauthorized change or deletion of data. In other words, integrity is the strategy organizations employ to secure assets and ensure that only authorized parties have the right to modify information resources. Organizations are required to take necessary steps to prevent unauthorized alteration of data; version control is one such integrity measure. Modern operating systems such as Windows and Linux can prevent unauthorized data access, and many database applications can undo or reverse changes caused by unauthorized access (Andress, 2011).
Safeguarding data confidentiality requires specialized training to enhance employees' understanding of risk factors affecting information assets. Training strategies include instruction on creating strong passwords and understanding social engineering tactics that could lead employees to divulge sensitive information to unauthorized individuals. Data encryption is another method of enhancing confidentiality. Encryption transforms data into unreadable bits unless a security key is provided to decode the file. It is a standard security procedure using two-factor authentication, in which messages transmitted across a network are converted into ciphertext readable only by an authorized individual with a decryption key. Infosec Institute (2014) notes that encryption is an accepted strategy to protect data in transit: by 2007, 71% of all businesses in the United States used encryption to protect data in transit, while 53% used it to protect data at rest. Protecting physical data requires storage in locked cabinets continuously safeguarded through cameras, access control, and security personnel (Ballad, Ballad, & Banks, 2010).
Availability is the final component of the CIA triad, requiring that organizations keep all hardware available for data storage and access at all times. To enhance data availability, organizations should perform constant maintenance on hardware, upgrade all information systems to ensure they function properly, and implement data backup procedures — continuously copying all data and storing it in a remote or geographically isolated location. Data backup is essential in the event that original data is lost due to a natural or human-made disaster. Organizations are also required to develop a comprehensive Disaster Recovery Plan (DRP) to enhance data availability (Haughn & Gibilisco, 2014). Firewalls represent another strategy for enhancing availability by blocking unauthorized access to organizational network systems (Wadhwa, Hussain, & Rizvi, 2013).
"Vulnerabilities in hardware, software, network, and cloud systems"
"Recommended strategies to protect centralized data systems"
"Cited sources and bibliography"
You’re 42% through this paper. Sign up to read the remaining 3 sections.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.