Tel: +44 (0) 208 255 0777
Fax: +44 (0) 208 255 7511
Email: info@secon.co.uk
HOME
ABOUT US
SOLUTIONS
PARTNERS
SERVICES
TRAINING
CONTACT
CAREERS

 











news area


11 February 2008
Data encryption 'not always safe' - Centennial

Data encryption 'not always safe'

Data encryption could make a firm more vulnerable, according to one panel of security experts.

Although most organisations see data protection as a vital part of their IT management and data encryption as the best way to deal with this, it may not always be the best way.

Richard Moulds, nCipher's product strategy EVP, told Techworld:
"Lot of organisations are new to encryption.

"Their only exposure to it has been with SSL, but that's just a session. When you shift to data at rest and encrypt your laptop, if you lose the key you trash your data - it's a self-inflicted denial-of-service attack.

"Organisations experienced with encryption are standing back and saying this is potentially a nightmare. It is potentially bringing your business to a grinding halt."

The expert panel added that many organisations encrypting data are not aware of the risks involved and they could be vulnerable to attacks – either deliberate or accidental – on their key management infrastructures.

Data systems 'always prone to human error'

Organisations' data systems will never be foolproof, but that still need to be as good as they can, according to experts.

Business data experts at Leeds University have explained that, while all precautions can be made, including an IT audit to make sure systems are functioning as they should be, workers "natural autopilot" would always undermine security work.

Professor Gerard Hodgkinson, director of the Centre for Organisational Strategy, Learning and Change, told the Press Association that human error would always play a part in data security.

He said: "Our research shows that organisations will never be able to remove all latent risks in the protection and security of data held on IT systems, because our brains are wired to work on automatic pilot in everyday life.

"People tend to conceptualise the world around them in a simplified way."

He added that, if the risks involved in every conceptual situation were analysed "we'd never get anything done".

Govt 'should learn from local authorities' over data security

Central government departments should consider looking at local government groups for ideas on how to improve their data security, according to the Parliamentary IT Committee (Pitcom).

Pitcom held up Birmingham City Council as an example of how the government should look at best practice in data security, explaining that the council factored in data security control methods into its annual IT audit.

According to Computer Weekly, Glyn Evans, transformation policy leader at Birmingham, told the Pitcom report: "We have internal and external auditors and there is a strong focus on security of and access to personal data.

"After all, it is linked to the financial well-being of the authority. This practice is commonplace in the larger local authorities."

The current crisis on data management in the government means it is a key area for improvement, with Toby Stevens, director of the Enterprise Privacy Group, explaining: "The UK government has been idle in issuing guidance in this vital policy area - the biggest problems have been in implementation."


 



24 July 2008
Trend Micro Licenses Host Intrusion Defence Technology

08 July 2008
Frequently Asked Questions About The Celestix MSA Appliance

02 July 2008
Juniper Remote Access Technical Demonstration Day



      ©2004 Secon Solutions. All rights reserved.