Advertisement
Advertisement

Protecting data is a daunting challenge businesses face

'Complete privacy does not exist'

The tagline for yet another reality TV show? The Wikileaks mission statement? No. This was Google, quoted from its defence against an invasion of privacy lawsuit, deposed in the United States in 2008.

Data security today is more than an increasingly pressing issue. It is a war zone - as the US government has discovered courtesy of Wikileaks. At individual level, too, the number of threats is still rising; more than half of respondents to a research survey last year commissioned by Webroot, an internet security software provider, cited a 50 per cent increase in malware attacks from the previous year.

The most obvious reason is the blurring of lines between professional and personal domains on our computers. As workforces become more mobile, employees systematically access work-related documents from personal devices and, as computers become the mainstays of our day-to-day activities, employees happily run their private lives from their work computers - 72 per cent of British workers, responding to a survey by Star, a British-based provider of IT and communication services, admitted using the company's internet for personal use during lunch hour.

To make things worse, the attitude towards protection against infection is careless bordering on cavalier.

If we were talking about real-world contagious diseases, it would probably be criminal.

According to a survey by McAfee, 79 per cent of mobile device users don't have any antivirus or other security software installed. This leaves companies at risk.

Meanwhile, employees checking personal e-mails, carrying out online banking transactions and going online shopping are exposing themselves to any attack on the company's network and exposing the company to any virus they pick up and bring in along the way.

The average cost of a security breach for a medium-to-large British firm is in the range of GBP280,000 (HK$3.42 million) to GBP690,000, according to PricewaterhouseCooper's biennial survey. Is it possible to be part of the wireless generation and still protect one's privacy? Log on to the internet and we all have the equivalent of a Google van driving through our lives. Is there an effective way to ensure the protection of personal data?

What is possible is to protect against attack by hackers, spammers and phishers, who gather details such as passwords and credit card numbers via bogus web pages.

There are two options, neither of them perfect:

Network-based security:

How: Still the favourite for corporations, this involves maintaining your own antivirus software and keeping it updated.

Pros: This method allows complete control over your information. For businesses, it allows highly sensitive information to be secured onsite, eliminating the risks associated with sharing this information with a third party.

Cons: Above all, it's slow. The time to react can be counted in hours. Latest virus variants need only seconds.

For the inexperienced, incorrect decisions may lead to security breaches. Also, antivirus software generally runs at the highly trusted kernel level of the operating system, creating a potential avenue of attack.

It is also the more costly and time-consuming option, especially for small- and mid-sized businesses that may not include security as one of its core-capabilities.

Cloud-based security:

How: Information and network security requirements are outsourced to an organisation specialising in internet security. For example, Symantec, IBM, iSheriff and Google's Postini service.

Pros: It works, and at the speed of light. As security threats thrive and become more complex and sophisticated, the expenditure for companies in terms of administrative burden, software and hardware becomes less internally manageable. By outsourcing to a company dedicated to keeping on top of arising issues and new viruses 24 hours a day, there is a quicker response to new threats. There is also less pressure on internal administration to manage, support and account for developing security issues.

Cons: As data is moved away from a protected infrastructure, ensuring the security of this data becomes more of a challenge.

A third, hybrid variant of the above two, keeps some software and the servers running it in situ with the client, while the cloud does the rest.

The goal is to protect the client while allowing them to preserve the integrity of their data.

As for the personal privacy issue, that goes well beyond antivirus software. There being few if any historical precedents for technology going backwards, we have to assume that it will continue to advance. As such, we will network more, with more sophisticated devices offering more complicated functions.

Similarly, there is little to suggest that corporations and governments ever find it in their interest to have less information on their customers and/or citizens. Whenever technology, which they tend to be the ones funding, offers opportunities to know more, the opportunity is seized eagerly.

Let's cut to the chase and leave it with the guys who are redefining privacy: Google. This is Eric Schmidt, Google CEO, in an interview in December last year: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.'

Post