Prevent access to data by bad people. Including their queries.
Figuring out who the bad people are is difficult. A good policy is to not trust unless one has to.
Allow access to people who are supposed to have access, in the appropriate way. Some queries of your data may be allowed/searches for malware.
These people should not be reporting on things outside their scope. An antivirus program could detect keywords or “thought crimes” and report to someone.
Preserve data that one wants to keep.
multiple copies, including offline and write once copies.
Allow quick usage and retrieval of data.
access to search indexes nay be a vulnerability.
Keep Revisions of documents–
Filesystem level and Versioning system levels.
Cloud storage
Allow guest access.
Blob Storage allows deduplication of data.
Content moderation, block content that is pleasurable that can warp our persons.
Control costs. Sharing computers can save a lot of money. Having many passwords is costly, but sharing a password between sites makes them vulnerable.
Protection by policy and insurance, If the cost of a data breach can be determined, it may be possible to save on safety and just have insurance.
Encryption- this adds processing cost, but can help authenticate
Blockchain — This can help keep a trusted record of transactions.