Time to halt the Torrent

Editorial Type: Industry Focus     Date: 11-2014    Views: 3079   











Stopping data leakage requires a robust chain of custody, with a high level of security, auditability and transparency that provides organisations with the visibility to track that information asset right across its lifecycle

The past couple of years have been colourful on the data leakage front, with countless examples including 2 million user accounts breached at a mobile operator and 38 million accounts compromised at an IT services provider. Closer to home, a UK firm was fined £325,000 by the Information Commissioner's Office after hard drives containing patient data were sold on eBay by a contractor it employed to destroy them.

As Dr Anand Narasimhan, director, Sims Lifecycle Services EU, comments: "High-profile leaks of data have become a regular headline in news publications across the world. Undervaluing the responsibilities associated with holding information on IT equipment is a common occurrence, resulting in worrying consequences for the companies involved."

There are many sources of data leakage, he points out, the leading ones including: POS intrusions, Web App attacks, Insider misuse, Physical theft or loss, Crimeware, Card Skimmers, DoS attacks, and Cyber-espionage. While many businesses have secure policies and technologies to counter these challenges, established to ensure that data is safe within the business and when shared across technologies, what happens to data when IT assets leave their premises and their control?

FAILURE OF DUTY
"Data rich IT assets will leave a business for various reasons, including: IT refurbishment and reuse within the business, for external sale, for donation to charities, IT component and parts recovery for reuse or resale and IT disposal and recycling. It is clear from the sensitive information appearing in the public domain that a wide range of organisations globally are fundamentally failing in their duty to properly manage sensitive data when their IT equipment passes outside of their control. Residual data can still be accessed years after the equipment has been discarded and, in the wrong hands, could have serious implications, including direct financial losses, penalties due to regulatory non-compliance, brand damage and loss of credibility, to name a few," Narasimhan states.

"In our work, we regularly handle POS devices, servers, computers, mobile devices and various flavours of removable media. We secure them, transport them, store them, wipe them, remarket them and destroy them, all of the time taking care to ensure that our clients can feel secure. Yet, in our industry, we typically go to work only when a client has a need for disposal.

"What is needed is a significant shift in mindset, within our clients and in our industry, to a view of information as an asset whose life span extends well beyond the traditional viewpoint of data within a box, within a network, within an enterprise, that can be transported, handled, migrated, stored and destroyed by a network of providers." In other words, providers who can assure a chain of custody, offer a high level of security, auditability and transparency, and provide clients with the visibility needed to track that information asset anywhere in its lifecycle.

NONCHALANT APATHY
There is a worrying shift in attitudes toward data breaches, insists Ruth Inglis, sales & marketing manager at Titania. "Nonchalant apathy to the news of daily breaches is taking over the end user. The most recent breaches of Home Depot and JP Morgan have had almost no impact on sales or stock price. Consumers reportedly will not change their shopping habits and are almost expectant of a breach. It is easy to see why. The end user is not left out of pocket, the cards are swiftly re-issued by banks and, at the very most, they need to keep an eye on their account for any suspicious activity. Seemingly, this ivory tower perception seems to work for everyone: company, consumer and attacker. But haemorrhaging data is not healthy, even if the effects are not noticeable straightaway. Identity theft looms in an underground forum near you."

There is a consensus in the media that the retailer should be hung out to dry for the sin of being breached, she adds. "But security is not a self-sufficient feature within the organisation; it is a complex system consisting of people, processes and technology. In the real-world business environment, other factors come into play: supply chain, customers, suppliers, resellers, partners, subsidiaries and many more. As the risk map grows, so does the security responsibility."


