Tuesday 26 August 2008

Information security myopia

My article in the current edition of IDM magazine used examples of traditional information security failures to provide some balance against concerns about Web 2.0 security. In the latest example from the UK, a contractor lost an unencrypted memory device containing "details about 10,000 prolific offenders as well as names, dates of births and some release date of all 84,000 prisoners in England and Wales - and 33,000 records from the police national computer."

Again, I'm not saying that Web 2.0 is more secure, but that we need to look at the information security risks of both existing technologies and the new social media tools. Even in this latest example, the data wasn't stolen with some criminal objective by the person who lost it; they probably just wanted a copy of the data to work on offline. In that respect, this kind of incident is probably just the tip of the iceberg. A marketing study by Dell suggests that hundreds of thousands of laptops are lost at airports each year. They claim:

"half of the mobile professionals it polled for the study admitted to carrying confidential company data on their computers without implementing the appropriate steps to ensure its protection."

Securing enterprise data and devices is important, but one other obvious part of this strategy is for organisations to also provide the collaboration and information access channels that people need, so that staff and contractors don't need to download data onto sneakernet media or elsewhere in the first place.
