Government Technology

Treating data with respect
Marc Hocking, Chief Technology Officer at BeCrypt, gives some practical advice on how to protect data securely

Three sets of Data Handling recommendations have been published recently. With most government organisations now banning the use of laptops outside of secured premises, as well as the use of removable media for data transfer, how can you ensure your data is securely protected? Utilising readily available, government-approved technology, government organisations and their business partners can build a culture where personal data is treated with the respect it deserves, is securely protected, and where people can still safely enjoy the benefits of flexible working.
    
It is not only Her Majesty’s Government (HMG) that has had well documented data losses, but also large commercial organisations. All of the reports accept that personal data is required to provide better and more personalised services and must be stored. However, all state that data should be properly safeguarded as the government is the custodian of, rather than the owner of, the data. Indeed a new concept of ‘protected personal information’ has been introduced.

A change in culture
Another common theme is that end users, i.e. staff, must be given clear guidance, including regular training on the treatment and handling of data, and that data security measures must be quantifiable, transparent, and easily open to scrutiny. In addition, all of the reports call for a change in culture to one in which personal data is treated with the utmost respect.
    
The key is to have computer systems that underpin set policies and procedures, with which people comply. This can be achieved by implementing data security systems that are transparent to the end users, having no impact on the way that they work, and that are centrally managed so procedures can be monitored and enforced, with audit trails to prove compliance and highlight any irregularities.  
    
As the reports note, there are challenges to managing data. Not just the questions of how and where it is stored, but of how much data is required and for how long. There is no need to store more data than is really required and for longer than is necessary, nor should data be sent to places where it isn’t required. Another area of vulnerability is data access: who is accessing the data, and what specifically do they have access to?

Sharing information securely
It is important to enable shared services, so data should be protected in such a way that it is still easy for authorised recipients to access it.  Information that leaves direct control must be protected by clear processes which ensure that the right person is authorised to receive and access it. These issues have driven a number of initiatives, including the “Whole of Life” Assurance Model from CESG, that have resulted in new products that allow the secure export of data, as well as the control of the data by the authorised recipient.
    
Although the aim is to phase out the use of removable media for the transfer of data, or the sharing of data with third parties, in the short term many departments must still use this method. To solve this problem there are now government approved products available that provide a ‘zero footprint’ encryption option where data files are protected by encryption and automatically decrypted when the authorised recipient authenticates. In addition these solutions can define how data is handled once received at the destination, providing controls and an audit trail to track what information has been sent, what has been received and ensure that it has not been tampered with in transit.

Keep it at home
An even better solution is for data to be accessed on its home server so that it never actually leaves its safe, protected environment.  This can be achieved by providing secure access via a virtual private network. This is ideal for staff who need to work away from secured headquarters. Alternatively it can be used to grant other organisations access to data without the overhead of having to set up permanent network access.         

Users are issued with a low cost USB device that carries a secure, encrypted operating system that enables them to boot from any machine and access defined areas and files on the home network. The device is totally isolated from the host machine so there is no possibility of cross contamination by viruses and other malware, or of data leakage. If lost, the USB device is totally encrypted, so no data can be accessed by unauthorised users.
    
This supports the government’s move to support more flexible working conditions for its staff, and enables staff to be more productive, while maintaining a better work/life balance.  With the deployment of such solutions, citizens and employees can be assured that the integrity and confidentiality of their personally identifiable data is appropriately managed. And in time, government departments should gain a reputation for being safe custodians of other people’s information.

For more information
Please visit www.becrypt.com

 
