Almost every week the media reports on negligent loss of data, much of it highly sensitive. Perhaps with so many people using so much data in so many different places we should not be so surprised.
Today an increasing number of organizations – emergency services, government departments and financial institutions – hold information nationally and access it nationally, and, in some cases, offshore it.
There is relatively little offshoring of information by government. But corporate organizations, credit helpdesks and so on hold their customer relations management overseas.
They share information over the web with a vast number of IT systems and databases. It is almost impossible for anyone to know on what scale this information is accessible.
The aggregation of information, in itself, escalates the level of sensitivity. So there is greater risk of abuse or corruption, either intended or accidental.
Unfortunately, shared technology increases risk, and criminals and vandals are using this same technology to remotely attack data systems. These attacks can be very successful, and by their nature make the deterrent of legal action more difficult.
We are faced with different threat levels to network-based information systems. These range from the careless user who leaves a disc on a train to foreign intelligence services who engage in cyberwarfare against perceived enemies.
So in the quest to satisfy the network-enabled world’s increasing demand for effective data protection, the first step is an accurate assessment of risk.
At the lowest level, but the most common source of threat, are the millions of users themselves. They might lose a data stick or leave a laptop on public transportation.
Next up are the service providers. With outsourcing on the rise you must be confident your service providers conduct rigorous processes in how they look after their networks and information.
Higher still are the amateur hackers, of which there are many, although they are opportunistic and the minute they hit a firewall will probably move on.
At the pinnacle of threat are sophisticated hackers who are often linked to criminal gangs, and foreign intelligence services.
Assessing the appropriate level of response for each of these threats is therefore the starting point to resolving the problem. There is no point in overkill, locking down systems so tightly that it imposes on the system’s usability if the information it contains is fairly innocuous.
When it comes to protecting our data many of us, it seems, are still stuck in the Dark Ages. People think IT protection is just about the computer. It is not the computer but the system it is running on that is most vulnerable.
Putting all the necessary protection into computers would be expensive, so making sure that computers can operate on secure and trusted networks is important because of the way we work today, using laptops, working away from the office, all done over public networks.
It is vital to know what level of protection you need. But however good your information assurance is, if someone else has not taken adequate steps, they are the weak link and your data is vulnerable because of them. In this network-enabled world we all depend on each other as never before.