Managed IT Services and Security


We are an IT Services and Support company based in Hatfield Hertfordshire. We believe that your staff should be spending their time working with your clients / customers, not spending hours on the telephone to your IT support company.

If you would like to know more, please send an email to TonyH@clearview.co.uk. I will then get back to you to arrange a date when we can meet up to explain how we can reduce the cost of your IT by using our experienced IT staff with the right automated tools to support your business.

Wednesday, 27 June 2012

Securing Access To Personal Information

Data Security On the BBC's Panorama programme the DWP recently admitted that in the last 12 months, 158 people have been disciplined for unlawful access to personal medical information. Of all information that needs to be kept securely, surely personal medical information must come at the very top of the priority list!
From a personal point of view, it's all very well that they managed to identify and discipline the DWP staff who accessed the information illegally, but I would rather that the appropriate technology had been in place to prevent access in the first place. Yet if government departments fail to protect our data sufficiently, what should companies do to protect access to our personal details? A number of technologies are available to protect unauthorised users from accessing sensitive information in corporate databases:
  • Intrusion Prevention – Intrusion prevention technology can prevent you against SQL Injection and Cross Site Scripting attacks. McAfee Database Activity Monitoring and McAfee Intrusion Prevention work at the application layer to identify these attacks and block them.
  • Protection against Zero Day Attacks - No database administrator wants to implement emergency patches to their SQL server / Oracle application servers outside their normal patching cycles if they can avoid doing so. McAfee Database Activity Monitoring and Trend Micro DeepSecurity protect you against zero day threats until such time as you are able to apply the manufacturer's patches as part of your normal patching cycle.
  • Database Access Monitoring – The first step to securing information on your databases is being able to report on access to personal / confidential information on your databases (e.g. medical information and credit card information) so that you can identify who is accessing this information and consequently which users may have been granted inappropriate access rights. Rules may also be configured to block unauthorised access to sensitive information.
In addition, products such as Safenet Datasecure can be used to overlay best practices for database encryption key management and access control. Key management products protect your organisation’s encryption keys and provide a straightforward means of backing them up securely from a central point.

Technology to implement robust data security is not cheap, but withe the Information Commissioner handing out increasing penalties on those organisations that fail to protect personal information, companies need to seriously consider their risk profile and whether some form of data protection may be a wise investment taking into account the potential cost of breach notification procedures, loss of reputation or worse.

No comments:

Post a Comment

Do you have a burning "How do I do that?" IT question that you need an answer to? Post it here and one of our engineers will answer it if they can. If we can't, we will get back to you and let you know nonetheless.