Long arm of the Law

VanessaHoward — Fri, 26 Feb 2010 17:01:48 +0000

Sometimes governments can be forward-thinking – no, really bear with me – and initiatives arrive you can quietly applaud.

The Welsh Assembly Government’s e-Crime Wales is a partnership of organisations, agencies and the police – that it has dedicated police business liaison officers is thought to be a world’s first.

Data loss and security breaches are a growing problem for businesses everywhere and Detective Constable John Cherry recently confirmed something most organisations are aware of when he said: “I have found that 70 per cent of threats come from within companies, either through malicious abuse of data or simple employee ignorance of existing threats.”

A Computer Security, Issues, & Trends report placed the risk of security breaches from employee and former employees even higher, at 81 per cent.

But when government gives with one hand it can certainly take with the other and data protection issues are ever pressing (no matter that government departments have breached their own DPA principles).

When the Nationwide Building Society was fined £980,000 by the FSA for failing to manage information security back in 2007, everyone sat up and took notice.

Now the UK Information Commissioner has made it clear that companies found wanting can be hit by ‘unlimited fines’ and that it is down to the ‘data controller to comply with the data protection principles’, day-to-day demands on data use are brought into sharp relief.

No matter the security polices that are drafted, unless operational integrity is in place, good intentions will come unstuck. And when it comes to testing and development, testing on copies of production data contains unavoidable risks.

Discussions have recently centered on using representative or “fake” data for testing and development. No, there is no other secure way – not even data obfuscation. Seeing as we’re now hearing that masking algorithms can easily be re-engineered (read: http://www.guardian.co.uk/technology/2010/jan/24/computer-security-crime-anonymous-datasets) the time is now to get on the train.

Even if you set aside the advantages of the time and space saved, synthetic data is the most secure and completely compliant – it seems the case for producing synthetic data is copper-bottomed.

Don’t risk not securing your data!

John — Fri, 13 Nov 2009 08:33:52 +0000

For almost all organizations, their corporate data is an absolutely crucial business asset. Without access to the information in their corporate databases, most companies would be unable to conduct their day-to-day business. While in recent years, most companies have invested heavily in trying to protect the availability of corporate data, there has been a glaring oversight within the industry to ensure that access to the production data is appropriate, controlled and audited. While database performance and availability remain the key areas of concern for most DBAs, for compliance officers and security managers data confidentiality and integrity take precedence. Thankfully, the industry is waking up to risks associated with poorly secured databases and the shift in approach to ensuring that corporate data is adequately protected against a wider range of threats including theft, destruction and modification is gaining momentum.

» data security

Long arm of the Law

Don’t risk not securing your data!