Having a clear understanding of where your data is being consumed is a critical first step toward being able to secure and ultimately protect it. Using data flow diagrams, it is possible to know the flow of data through each of the systems and processes being used within your organization.
Though often used during the development of a new software system to aid in analysis and planning, data flow diagrams give unparalleled insight into every instance where data is potentially vulnerable.
Anatomy of a Data Flow Diagram
Data flow diagrams visually detail data inputs, data outputs, storage points, and the routes between each destination.
Components of a Data Flow Diagram
- Entities – Show the source and destination for the data. They are generally represented by a rectangle.
- Process – The tasks performed on the data is referred to as a process. Circles in a data flow diagram indicate a process.
- Data Storage – Data is generally stored in databases, which are seen in data flow diagrams inside a rectangle with the smaller sides missing.
- Data Flow – Displays the movement of data with the help of lines and arrows.
Also read: Unifying Data Management with Data Fabrics
Logical Vs. Physical Data Flow Diagrams
There are two primary types of data flow diagrams, each with a specific function and designed to inform a different target audience.
Logical data flow diagrams
Logical data flow diagrams illustrate how data flows in a system, with a focus on the business processes and workflows. With a focus on how the business operates at a high level, logical data flow diagrams are a great starting point, providing the outline needed to create more detailed physical data flow diagrams.
Benefits of logical data flow diagrams:
- Provide an overview of business information with a focus on business activities
- Less complex and faster to develop
- Less subject to change because business functions and workflows are normally stable processes
- Easier to understand for end-users and non-technical stakeholders
- Identify redundancies and bottlenecks
Physical data flow diagrams
Physical data flow diagrams provide detailed implementation information. They may reference current systems and how they operate, or may project the desired end-state of a proposed system to be implemented.
Physical data flow diagrams offer a number of benefits:
- Sequences of activities can be identified
- All steps for processing data can be described
- Show controls or validating input data
- Outline all points where data is accessed, updated, retrieved, and backed up
- Identify which processes are manual, and which are automated
- Provide detailed filenames, report names, and database field names
- Lists all software and hardware participating in the flow of data, including any security-related appliances
Also read: Top Data Quality Tools & Software
Strategies For Developing Data Flow Diagrams
Avoid feeling overwhelmed by the creation of a data flow diagram by following a few simple strategies.
- Begin with lists of all business activities, vendors, ancillary systems, and data stores that need to be included.
- Take each list and identify the data elements needed, received, or generated.
- Always include steps that initiate changes to data or require decisions be made, but avoid creating a flowchart (for example, identify that the user needs to accept or reject an incoming order or reservation, but don’t break it down by ‘if yes, then’ and ‘if no, then’).
- For complex systems, it may be helpful to start by adding data stores to the diagram and working outward to each of the processes involved – it is likely that single data inputs are used or accessed repeatedly.
- Ensure that there are no freestanding activities – only include processes that have at least one data flow in or out.
- Review labels to be sure they are concise but meaningful.
- Try to limit each data flow diagram to a maximum of 5-7 processes, creating child diagrams where appropriate or required.
- Consider numbering the processes to make the diagram easier to review and understand.
- A successful data flow diagram can be understood by anyone, without the need for prior knowledge of the included processes.
Using A Data Flow Diagram To Mitigate Security Threats
The best way to protect data from security threats is to be proactive instead of reactive.
Data flow diagrams can support cybersecurity initiatives in many ways:
- Identify when data is at rest and in transit.
- Visualize when data is shared with external vendor systems.
- Know which users and systems have access to which data, at which time.
- Enable the notification of affected users, systems, and vendors in the event of a security breach or threat.
- Understand the schedule of automated processes to know when data is being offloaded or consumed.
To best support the mitigation of security threats, data flow diagrams should include all risk assessments (corporate governance, external vendors and ancillary systems, and key business processes), complete inventory listings (hardware and software systems), and all user roles that have and require access to data at every point.
For targeted threat modeling, it may be helpful to create additional data flow diagrams to support a specific use case. One example would be a diagram that looks at authentication separate and apart from the workflows and processes that access will be granted to.
Comprehensive data flow diagrams ultimately show where the systems make data vulnerable. Threat modeling best practices generally consider data safest when at rest, so look to points in data flow diagrams where data is sent or received to ensure security and integrity are maintained.
A Living Part of System Documentation
Don’t forget that data may move through systems and processes in non-technical ways as well. Paper-based or non-technical business processes where information is gathered or stored should also be included in data flow diagrams.
Data flow diagrams should become a living part of system documentation and be thought of as a source of truth. As systems and processes are updated, it’s important that the consequences to data flow or data integrity are considered and reflected in any existing diagrams.
Read next: Best Data Governance Tools & Software