Posted by SecExtra on January 28th, 2008

Hot on the heels of our recent coverage about M&S losing thousands of Employees personal data files, The Ministry of Defence was forced to admit yesterday that three laptop computers containing personal details of hundreds of thousands of military recruits are missing. None of the data on the laptops was encrypted, and contained details of passport data, National Insurance and driver’s licence numbers, family details and NHS numbers for about 153,000 people who applied to join the armed forces. Richard Farnworth, General Manager, Enterprise Solutions, NEC UK comments:

“This latest announcement should certainly act as a wake up call to the Government and all holders of personal data. The security technology and processes currently in place clearly doesn’t protect against human error or malice, so the public sector needs to start following enterprise’s example for its security provisioning.

“To negate such security losses, leaks and breaches in the future, the Government should explore virtualised computing solutions, that allow laptops to purely act as ‘dummy terminals’ where all the data is stored centrally. Therefore, if a laptop is lost or stolen, important data is not able to get into the wrong hands.

“Another viable security solution for non-virtualised laptops and PCs is full disk encryption, that allows data to be encrypted at the hardware level allowing always-on data encryption. However, the need for security in the IT infrastructure is becoming more and more pervasive, encompassing the entire network and the appliances that are attached to it. Therefore, data encryption at appliance level (e.g. PCs) is important, but there is an increasing amount of appliances (e.g. mobile telephones, PDAs, BlackBerrys, virtualised solutions) accessing the network that must also be secured. Encryption, authentication and access control is especially key for these technologies, as is the encryption of the data as it travels across the network and the data protection within server, storage and SAN environments.

“Authentication and verification is continuing to become much more sophisticated and NEC is at the forefront of such developments using a range of multi-modal approaches, such as presence-based access control (e.g. NFC, RFID, and chip & pin) alongside biometric security (fingerprint, facial and eye recognition), which will become increasingly important in the years ahead.

“Ultimately, human error, disclosure or malice continue to be the biggest threats to data security, so if the Government is to avoid the negative headlines we have recently seen, they should be looking to deploy the personalised, multi-modal solutions that we would expect from Government levels of security.”